exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 80 RSS Feed

Files

Android Settings Pendingintent Leak
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid.

tags | exploit
advisories | CVE-2014-8609
SHA-256 | cfc2aeebb8ce7b28e800f8cd2c1a2ef4f012afd9da67892dea7842b3fef42e7c

Related Files

Android Mercury Browser Intent URI Scheme And Directory Traversal
Posted Aug 31, 2024
Authored by sinn3r, joev, rotlogix | Site metasploit.com

This Metasploit module exploits an unsafe intent URI scheme and directory traversal found in Android Mercury Browser version 3.2.3. The intent allows the attacker to invoke a private wifi manager activity, which starts a web server for Mercury on port 8888. The webserver also suffers a directory traversal that allows remote access to sensitive files. By default, this module will go after webviewCookiesChromium.db, webviewCookiesChromiumPrivate.db, webview.db, and bookmarks.db. But if this isnt enough, you can also specify the ADDITIONAL_FILES datastore option to collect more files.

tags | exploit, remote, web
SHA-256 | 42c6caf8a1093e6428f263ebc0ed216930afb756d1796e8f552f46a3d7e1ee90
Android Open Source Platform (AOSP) Browser UXSS
Posted Aug 31, 2024
Authored by Rafay Baloch, joev | Site metasploit.com

This Metasploit module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in all versions of Androids open source stock browser before 4.4, and Android apps running on < 4.4 that embed the WebView component. If successful, an attacker can leverage this bug to scrape both cookie data and page contents from a vulnerable browser window. Target URLs that use X-Frame-Options can not be exploited with this vulnerability. Some sample UXSS scripts are provided in data/exploits/uxss.

tags | exploit, xss
SHA-256 | 515d589ae7fa921c6c47ddf5fa3b3cc8aad06aec0fe62c65331d5cac2c574d51
Android Content Provider File Disclosure
Posted Aug 31, 2024
Authored by jduck, Thomas Cannon | Site metasploit.com

This Metasploit module exploits a cross-domain issue within the Android web browser to exfiltrate files from a vulnerable device.

tags | exploit, web
advisories | CVE-2010-4804
SHA-256 | dd13356635f2999608328974a708d0fa3528aed773ff26396b6cd072f639afbd
Android Browser File Theft
Posted Aug 31, 2024
Authored by Rafay Baloch, joev | Site metasploit.com

This Metasploit module steals the cookie, password, and autofill databases from the Browser application on AOSP 4.3 and below.

tags | exploit
SHA-256 | 461f161dc15f2136e113fe628614a254fcbe8647f9473ac567fe7752ac4fa00a
Android Browser Open in New Tab Cookie Theft
Posted Aug 31, 2024
Authored by Rafay Baloch, joev | Site metasploit.com

In Androids stock AOSP Browser application and WebView component, the "open in new tab" functionality allows a file URL to be opened. On versions of Android before 4.4, the path to the sqlite cookie database could be specified. By saving a cookie containing a <script> tag and then loading the sqlite database into the browser as an HTML file, XSS can be achieved inside the cookie file, disclosing *all* cookies (HttpOnly or not) to an attacker.

tags | exploit
SHA-256 | 70b3a8344e4fcf5439123086e568b9e7984fe8d61764dc191d64ca919125593d
Android Open Source Platform (AOSP) Browser UXSS
Posted Aug 31, 2024
Authored by Rafay Baloch, joev | Site metasploit.com

This Metasploit module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in all versions of Androids open source stock browser before 4.4, and Android apps running on < 4.4 that embed the WebView component. If successful, an attacker can leverage this bug to scrape both cookie data and page contents from a vulnerable browser window. If your target URLs use X-Frame-Options, you can enable the "BYPASS_XFO" option, which will cause a popup window to be used. This requires a click from the user and is much less stealthy, but is generally harmless-looking. By supplying a CUSTOM_JS parameter and ensuring CLOSE_POPUP is set to false, this module also allows running arbitrary javascript in the context of the targeted URL. Some sample UXSS scripts are provided in data/exploits/uxss.

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2014-6041
SHA-256 | c310932b590c18e1c4846f4e90d57edda5909db4103dc3c5954aec52431efc71
Android Stock Browser Iframe Denial of Service
Posted Aug 31, 2024
Authored by Jean Pereira, Jonathan Waggoner | Site metasploit.com

This Metasploit module exploits a vulnerability in the native browser that comes with Android 4.0.3. If successful, the browser will crash after viewing the webpage.

tags | exploit
advisories | CVE-2012-6301
SHA-256 | ed9f536506a6fbec4e357c8ba0d4fba05c0f9f3e72f96d8657a24235f3ca4bda
Google Android Passkey Deletion / Confusion
Posted Feb 14, 2024
Authored by Erik van Straten

The Google Passkey Manager on Android appears to have inconsistent messaging for deletion of data along with other varying issues that lead us to believe it's not ready for prime time.

tags | advisory
SHA-256 | 71ba8e2e5aa435ade4ea33b5a81739d52d8bb150b921a598410d86d24ec2fe85
Android Application Vulnerabilities
Posted Jan 26, 2021
Authored by SunCSR

Whitepaper called Android Application Vulnerabilities. Written in Vietnamese.

tags | paper, vulnerability
SHA-256 | 25a9be443e83e5ebb65adc0990933e8bc358ae4df7692ffa351cac1c3505acde
Android Studio Privilege Escalation
Posted Dec 22, 2020
Authored by houjingyi

Android Studio has an issue where a malicious project can execute a custom cmd.exe allowing for privilege escalation. Google does not believe this is an issue.

tags | exploit
SHA-256 | 46be4037148bbd4dd5a2366f68c681f1a4a3663d8877cd818fdf312172011cdc
Android o2 Business 1.2.0 Open Redirect
Posted Jul 3, 2020
Authored by Julien Ahrens | Site rcesecurity.com

o2 Business for Android version 1.2.0 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2020-11882
SHA-256 | ed073540b55db066df4e43d61452b19af671d57a6dad0ef1271c98600b232356
Android Bluetooth Remote Denial Of Service
Posted Mar 25, 2020
Authored by nu11secur1ty

Android suffers from a bluetooth remote denial of service vulnerability.

tags | exploit, remote, denial of service
advisories | CVE-2020-0022
SHA-256 | 89e5543cb6f51f283e41a489aaa3e084de84be0c84b8090c5910f061d0b501ba
Android Pentest Tutorial Step By Step
Posted Feb 20, 2020
Authored by Meisam Monsef

Whitepaper called Android Pentest Tutorial Step By Step. Written in Persian.

tags | paper
SHA-256 | 5b7d21010a256cb1f4b468d223e3ec667013b6a8d7142cf2136bd61da5d324c0
Android RSSI Broadcast Information Disclosure
Posted Nov 13, 2018
Authored by Yakov Shafranovich, Vilius Kraujutis | Site wwws.nightwatchcybersecurity.com

Android OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts.

tags | exploit, info disclosure
advisories | CVE-2018-9581
SHA-256 | b84b85cafb558b1dc05e71a251d6e82bce2a07ab37bb19c2c696f5dd92aa04d5
Android 5.0 Battery Information Broadcast Information Disclosure
Posted Nov 13, 2018
Authored by Yakov Shafranovich, Vilius Kraujutis | Site wwws.nightwatchcybersecurity.com

Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts.

tags | exploit, info disclosure
advisories | CVE-2018-15835
SHA-256 | 8ad47d4c35696bfefa77337a99ecd6afe8715bda10ca617af6f70817f6c9f62c
Android Application Penetration Testing
Posted Sep 19, 2018
Authored by Seyedhojjat Hosseini

Whitepaper called Android Application Penetration Testing. Written in Persian.

tags | paper
SHA-256 | 99ed5daa9189d9dc52297b718052e093b81f9027457ef626c18d34c33e76312b
Android Dexdump Buffer Overflow
Posted Sep 3, 2018
Authored by Veysel HATAS

Android Dexdump, tested on Nexus 4 with Android 5.1.1, was found to have a buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 17f6454004b8a93af64f455ddf63ae9dda00225c1d8b53683c343356ee18c5ad
Android OS WiFi Broadcast Sensitive Data Exposure
Posted Aug 30, 2018
Authored by Yakov Shafranovich, Vilius Kraujutis | Site wwws.nightwatchcybersecurity.com

System broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.

tags | exploit, local, info disclosure
advisories | CVE-2018-9489
SHA-256 | 523ebc0e6847c2ff3858fa671185f0aded4e77fd712ecd694c1d059ae8df9760
Android Application Pentest With Drozer
Posted Jun 1, 2018
Authored by Artin Ghafary

Whitepaper called Android Application Pentest With Drozer. Written in Persian.

tags | paper
SHA-256 | bbab551e432b1fa855bffd240fa39aaa15559b5520d44abc8128b8be2b998743
Android OS FLAG_SECURE Information Disclosure
Posted May 25, 2018
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with the screen capture permissions. The vendor (Google) fixed this issue in 2018-02-01 Pixel security update.

tags | exploit, info disclosure
advisories | CVE-2017-13243
SHA-256 | 419aa59f60c639bf9769fc664825bf713bf20d2a125449f8cf156e98eb09bb86
Android Bluetooth BNEP bnep_data_ind() Remote Heap Disclosure
Posted Mar 23, 2018
Authored by QuarksLab

Android Bluetooth BNEP bnep_data_ind() remote heap disclosure proof of concept vulnerability.

tags | exploit, remote, proof of concept, info disclosure
advisories | CVE-2017-13258, CVE-2017-13260, CVE-2017-13261, CVE-2017-13262
SHA-256 | bca48d1c32a6cf579a5ece90b87234274c98bed6401f1470ca5a6cdcba4d5b50
Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-Of-Bounds Read
Posted Mar 23, 2018
Authored by QuarksLab

Android Bluetooth BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG out-of-bounds read proof of concept vulnerability.

tags | exploit, proof of concept
advisories | CVE-2017-13258, CVE-2017-13260, CVE-2017-13261, CVE-2017-13262
SHA-256 | 99eb32567c7340a388cd09922afb5a94b3797a234d4baf2ff8977aa03764df08
Android DRM Services Buffer Overflow
Posted Mar 15, 2018
Authored by Tamir Zahavi-Brunner

Android DRM services suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-13253
SHA-256 | efb1ce2739b233f90481dfd1618352f64557499ae57c7214a0748615c4651e39
Android Proxy Auto Config (PAC) Crash
Posted Nov 8, 2016
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android devices can be crashed forcing a halt and then a soft reboot by downloading a large proxy auto config (PAC) file when adjusting the Android networking settings. This can also be exploited by an MITM attacker that can intercept and replace the PAC file. However, the bug is mitigated by multiple factors and the likelihood of exploitation is low.

tags | exploit, denial of service
advisories | CVE-2016-6723
SHA-256 | 9a6a1af684f67a60cc245b0a7841aeca5cc4c686f0d9b20cffcd532b0d7b75f1
Android Qualcomm GPS/GNSS Man-In-The-Middle
Posted Oct 10, 2016
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed by in the October 2016 Android bulletin. Additional patches have been issued by Qualcomm to the proprietary client in September of 2016.

tags | exploit, java, denial of service
advisories | CVE-2016-5348
SHA-256 | a65dfddf168a89391ed0b8297e76ae23566fa1e4d61a4e69446fbad5e0a2b52b
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close