momo

1. #Application: Momo
2. #Platform: Android
3. #Version: 2.1.9
4. #Severity: Medium
5. #Author: Loc Phan Van
6. #Impact: non-root user to find out the username/password of a valid user and user's access token via logcat
7.  
8. POC:
9.  
10. 1. Find application process
11. adb shell "ps -A" | grep momo
12.  
13. 2. Look for logcat information
14. adb logcat| <momo-app-process>
15.  
16. 3. Navigate to change password
17.  
18. 4. The sensitive information of user printed via logcat
19.  
20. 5283 1 ReactNattves: [1553166852873000000]Request ->https://owa.momo.vn:443/ap 03-21 5208 t Body: {"user" : "0976739197" , "msgrype" : "CHANGE PIN , " " cmdld " "tang" : "vt" , "channel" : " " : "1553166852873000000 , APP" , "time" : 1553166852873, " appver" : 21091, " appcode" : "2.1.9" , "deviceos " : "ANDROID " , " result" : true , "errorcode " " : " " , "extra " : checksum " : "CSBC1qqMf9wm20RCWQgUcv11ZIU7USDBB+HQZt032hk/hcvgMAJzrvwJCG05ZC18MFO :O, "errorDesc "momoMsg" : {"_class" : "mservtce . backend . entity . msg . Changeptnmsg , " " newPin ' " : ' 111212" , "oldPin " : "131645" , " agentReference " : "0976736548"} , " pass " : "131645"
21.  
22. 5283 1 ReactNattves: momomodel.js-token: eyJoeXAtotJKVIQtLCJhbGctotJ1uz11NtJ9. 03-21 5208 eync2VY1jotMDk3Njcz0TE5NY1s1napbt161jEIMT15NC1s1m1tZWktotJhzjQ2M210Nt1mMT1jLTRIY2mtYTE2zt11MDgyzrommmFtz mmtLCJPYXQtOjEINTMXNjYZODYS1mV4CC16MTUIMZE20Tk4NnO.gzb61c1F8ZOT3TIFujb29-YEsk1CJ4BE33mH tav6au