Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-4406 PoC — Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability

Source
https://github.com/Yogehi/cve-2024-4406-xiaomi13pro-exploit-files
Associated Vulnerability
Title:Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability (CVE-2024-4406)
Description:Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332.
Description
Files related to the Pwn2Own Toronto 2023 exploit against the Xiaomi 13 Pro.
Readme
# cve-2024-4406-xiaomi13pro-exploit-files
Files related to the Pwn2Own Toronto 2023 exploit against the Xiaomi 13 Pro.
File Snapshot

 [4.0K]  /data/pocs/add625eced673f2dba206cf799d15f6360af1972
├── [3.8M]  DEF CON 32 - Ken Gannon Ilyes Beghdadi - Xiaomi The Money Our Toronto Pwn2Own Exploit and Behind The Scenes Story-exploit.mp4
├── [ 10M]  DEF CON 32 - Ken Gannon Ilyes Beghdadi - Xiaomi The Money Our Toronto Pwn2Own Exploit and Behind The Scenes Story.pdf
├── [4.0K]  exploit-files
│   ├── [1.4K]  index.html
│   └── [2.2K]  yay.js
├── [4.0K]  getapps-apks
│   ├── [ 32M]  com.xiaomi.mipicks-v4003027.apk
│   └── [ 32M]  com.xiaomi.mipicks-v4003028.apk
└── [ 119]  README.md

2 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →