{"uuid": "554c7acb-aa5a-4dba-ba06-31a20289432f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26324", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9048", "content": "RCE on Xiaomi 13 Pro (CVE-2023-26324)\n\ud83d\udc49Exploitation:\n1) Open URL in WebView\n2) Inject JavaScript\n3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload\n4) Get shell\n\n\ud83d\udc49Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf", "creation_timestamp": "2024-08-21T11:45:33.000000Z"}