module

Mac OS X Safari file:// Redirection Sandbox Escape

Try Surface Command
Back to search
Disclosed
Jan 16, 2014
Created
May 30, 2018

Description

Versions of Safari before 8.0.6, 7.1.6, and 6.2.6 are vulnerable to a
"state management issue" that allows a browser window to be navigated
to a file:// URL. By dropping and loading a malicious .webarchive file,
an attacker can read arbitrary files, inject cross-domain Javascript, and
silently install Safari extensions.

Author

joev joev@metasploit.com

Platform

OSX

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/gather/safari_file_url_navigation
    msf auxiliary(safari_file_url_navigation) > show actions
        ...actions...
    msf auxiliary(safari_file_url_navigation) > set ACTION < action-name >
    msf auxiliary(safari_file_url_navigation) > show options
        ...show and set options...
    msf auxiliary(safari_file_url_navigation) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today