CVE-2018-12481

# Exploit Title: Ftp Server - Sensitive Data on the Clipboard
# Date: 2018-06-15
# Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
# Version: 1.32 Android App
# Vendor: The Olive Tree
# Exploit Author: ManhNho
# CVE: CVE-2018-12481
# Category: Mobile Apps
# Tested on: Android 6.0

---Description---
While users are typing data in input fields, they can use the clipboard to copy and paste data. The device's apps share the clipboard, so malicious apps can misuse it to access
sensitive data.

---PoC---
Start the app, choose "Setting" and click in the input field named "User password" that take sensitive data, the clipboard functionality has not been disabled for this field.
Set user password like: "P@ssw0rd1337", and Copy to clipboard.

Using the Drozer module post.capture.clipboard to extract data from the clipboard:
dz> run post.capture.clipboard
[*] Clipboard value: ClipData.Item { T:P@ssw0rd1337 }
✅ Leaked Exploit Documentation:

https://docs.google.com/document/d/1dOCZEHS5JtM51RITOJzbS4o3hZ-__wTTRXQkV1MexNQ/edit?usp=sharing

This made me $13,000 in 2 days.

Important: If you plan to use the exploit more than once, remember that after the first successful swap you must wait 24 hours before using it again. Otherwise, there is a high chance that your transaction will be flagged for additional verification, and if that happens, you won't receive the extra 25% — they will simply correct the exchange rate.
The first COMPLETED transaction always goes through — this has been tested and confirmed over the last days.

Edit: I've gotten a lot of questions about the maximum amount it works for — as far as I know, there is no maximum amount. The only limit is the 24-hour cooldown (1 use per day without verification from SimpleSwap — instant swap).