Skip to content
/ RIUS Public
forked from zadewg/RIUS

RTLO Injection URI Spoofing

License

MIT license
0 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Muree53/RIUS

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
exploit.sh
exploit.sh
 
 
imessage.mp4
imessage.mp4
 
 
instagram.gif
instagram.gif
 
 
messenger.jpeg
messenger.jpeg
 
 
poc.py
poc.py
 
 
whatsapp.gif
whatsapp.gif
 
 

Repository files navigation

RIUS - RTLO Injection URI Spoofing CVE-2020-20093; 20094; 20095; 20096

CWE-451: User Interface (UI) Misrepresentation of Critical Information.

The user interface does not properly represent critical information to the user, allowing the information to be spoofed. This is often a component in online scams, phishing and disinformation propagation.

 

When a message contains a valid URL, it is highlighted and marked as hyperlink. However, this is printed to screen before sanitizing Unicode Control Characters, which results in URI spoofing via specially crafted messages.

Affects all recent distributions of iOS iMessage, WhatsApp, Instagram, and Facebook Messenger as of 2019.8.15

WhatsApp Instagram DM
POCW POCI

mapez - telegram

About

RTLO Injection URI Spoofing

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 66.4%
  • Python 33.6%