wifiFTPserver

a guest
Apr 22nd, 2019
# Exploit Title: WiFi FTP Server 1.8.3 - Credential Disclosure
# Date: 2019-04-08
# Software Link: https://play.google.com/store/apps/details?id=com.medhaapps.wififtpserver&hl=en
# Version: 1.8.3 Android App
# Vendor: Medha Apps
# Exploit Author: Loc Phan Van
# CVE: N/A
# Category: Mobile Apps
# Tested on: Android 8.1

# Description
# WiFi FTP Server 1.8.3 is affected by insecure data storage, i.e. confidential
# information is stored insecurely on the system (poor encryption, plain text,
# access control issues, etc.). An attacker can find out the username/password of a valid user via
# /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml

# PoC

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="pref_mount">0</string>
<string name="pref_theme">0</string>
<boolean name="pref_show_password" value="true" />
<boolean name="perf_ftps" value="false" />
<string name="pref_port">2221</string>
<boolean name="perf_anon" value="false" />
<string name="pref_userid">enderphan</string>
<string name="pref_password">P4sswr0d123</string>
<string name="pref_ssl_mode">0</string>
<boolean name="pref_read_only" value="false" />
</map>
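
An audit check for this class of finding, added here as an example (it is not part of the original paste or the vendor's code): it parses a SharedPreferences XML file pulled from a test device and reports credential-like entries stored as readable text, without echoing the values. The key-name pattern, the opaque-value heuristic and the sample file contents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: key names that suggest a secret; tune for the app under review.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)
# Heuristic (assumption): long hex or base64-like strings are probably hashed
# or encrypted rather than human-readable.
OPAQUE = re.compile(r"^(?:[0-9a-fA-F]{32,}|[A-Za-z0-9+/=_-]{40,})$")

# Constructed sample in the same layout as the preferences file shown above.
SAMPLE_PREFS = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="pref_port">2221</string>
    <boolean name="perf_ftps" value="false" />
    <string name="pref_userid">example-user</string>
    <string name="pref_password">example-password</string>
    <string name="pref_token"></string>
</map>
"""


def audit_prefs(xml_bytes):
    """Return findings for credential-like <string> entries.

    Only the key name, a classification and the value length are reported,
    so the audit output itself does not leak the secret.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != "map":
        raise ValueError("not a SharedPreferences file: root is not <map>")
    findings = []
    for node in root.iter("string"):
        name = node.get("name", "")
        value = node.text or ""
        if not SENSITIVE_KEY.search(name) or not value:
            continue  # not credential-like, or nothing stored
        kind = "opaque-blob" if OPAQUE.match(value) else "plaintext"
        findings.append({"key": name, "kind": kind, "length": len(value)})
    return findings


if __name__ == "__main__":
    for f in audit_prefs(SAMPLE_PREFS):
        print(f"[!] {f['key']}: {f['kind']} value, {f['length']} chars")
```
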