API tools faq
paste
Advertisement
ManhNho

CVE-2018-12481

ManhNho
Jun 15th, 2018
4,499
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.02 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title: Ftp Server - Sensitive Data on the Clipboard
  2. # Date: 2018-06-15
  3. # Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
  4. # Version: 1.32 Android App
  5. # Vendor: The Olive Tree
  6. # Exploit Author: ManhNho
  7. # CVE: CVE-2018-12481
  8. # Category: Mobile Apps
  9. # Tested on: Android 6.0
  10.  
  11. ---Description---
  12. While users are typing data in input fields, they can use the clipboard to copy and paste data. The device's apps share the clipboard, so malicious apps can misuse it to access
  13. sensitive data.
  14.  
  15. ---PoC---
  16. Start the app, choose "Setting" and click in the input field named "User password" that take sensitive data, the clipboard functionality has not been disabled for this field.
  17. Set user password like: "P@ssw0rd1337", and Copy to clipboard.
  18.  
  19. Using the Drozer module post.capture.clipboard to extract data from the clipboard:
  20. dz> run post.capture.clipboard
  21. [*] Clipboard value: ClipData.Item { T:P@ssw0rd1337 }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!