Notes on the mobile phone tel: URL security vulnerability
Source: Internet  Published by: 酒店软件  Editor: 程序博客网  Time: 2024/05/16 12:39
http://dylanreeve.com/phone.php
In brief it works like this:
- Phones support special dialing codes called USSDs that can display certain information or perform specific special features. Among these are common ones (*#06# to display IMEI number) and phone specific ones (including, on some phones, a factory reset code).
- There is a URL scheme prefix called tel: which can, in theory, be used to hyperlink to phone numbers. The idea being that clicking on a tel: URL will initiate the phone's dialer to call that number.
- In some phones the dialer will automatically process the incoming number. If it's a USSD code then it will be handled exactly as if it had been keyed in manually - requiring no user intervention to execute.
- A tel: URL can be used by a hostile website as the SRC for an iframe (or potentially other resources like stylesheets or scripts I guess). It may then be loaded and acted upon with no user intervention at all.
A video demonstrating the process has been widely circulated - it also details some other vectors to deliver the tel: URL - including WAP Push SMS, QR Code and NFC. All of these processes have the same end result.
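As an added example (not part of the original post), the following JavaScript audits an HTML string for tel: URIs, separating ordinary click-to-call links from the two risky cases described above: a dial string containing `*` or `#`, and a tel: URI placed in an attribute the browser fetches without a click. The function names, the verdict labels and the list of auto-loading elements are assumptions made for this sketch.

```javascript
// Elements whose URL attribute is fetched without a click (assumed list for this sketch).
const AUTO_LOAD = new Set(["iframe", "frame", "script", "img", "embed", "link"]);

// Decode the dial string of a tel: URI; returns null if it is not a tel: URI.
function dialString(uri) {
  const m = /^\s*tel:(.*)$/i.exec(uri);
  if (!m) return null;
  try {
    return decodeURIComponent(m[1]); // "#" has to travel as %23 inside a URL
  } catch (e) {
    return m[1]; // malformed percent-escape: keep the raw text for review
  }
}

// A dial string containing * or # is a service code, not a plain phone number.
function isServiceCode(dial) {
  return /[*#]/.test(dial);
}

// Return one finding per tel: URI found in a src/href attribute.
function auditHtml(html) {
  const findings = [];
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /(?:^|\s)(src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const tag of html.matchAll(tagRe)) {
    const name = tag[1].toLowerCase();
    for (const attr of tag[2].matchAll(attrRe)) {
      const dial = dialString(attr[2] ?? attr[3] ?? attr[4] ?? "");
      if (dial === null) continue;
      const autoLoad = AUTO_LOAD.has(name);
      const code = isServiceCode(dial);
      findings.push({
        tag: name, dial, autoLoad, serviceCode: code,
        // block: fetched with no click; warn: code behind a click; ok: plain number link
        verdict: autoLoad ? "block" : code ? "warn" : "ok",
      });
    }
  }
  return findings;
}

// Constructed sample page; *#06# is the IMEI display code named in the text.
const SAMPLE = `
<a href="tel:+15550100">Call us</a>
<a href="tel:*%2306%23">Show IMEI</a>
<iframe src="tel:*%2306%23" width="0" height="0"></iframe>`;
console.log(auditHtml(SAMPLE));
```

The same `isServiceCode` test is what a dialer needs on its side: a number that arrives from a URL and contains `*` or `#` should be shown for confirmation rather than processed as if it had been keyed in.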