CVE-2018-12481

ManhNho, Jun 15th, 2018 (edited)
# Exploit Title: Ftp Server - Sensitive Data on the Clipboard
# Date: 2018-06-15
# Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
# Version: 1.32 Android App
# Vendor: The Olive Tree
# Exploit Author: ManhNho
# CVE: CVE-2018-12481
# Category: Mobile Apps
# Tested on: Android 6.0

---Description---
While users are typing data in input fields, they can use the clipboard to copy and paste data. The device's apps share the clipboard, so malicious apps can misuse it to access sensitive data.

---PoC---
Start the app, choose "Setting" and click in the input field named "User password", which takes sensitive data; the clipboard functionality has not been disabled for this field.
Set a user password such as "P@ssw0rd1337" and copy it to the clipboard.

Using the Drozer module post.capture.clipboard to extract data from the clipboard:
dz> run post.capture.clipboard
[*] Clipboard value: ClipData.Item { T:P@ssw0rd1337 }
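
---Mitigation example---
One way to keep a field such as "User password" from writing its contents to the shared clipboard, added here as an example that is not from the original paste or from the app's code. The class name NoClipboardPasswordField is hypothetical; the Android SDK calls are the standard ones.

```java
import android.content.Context;
import android.text.InputType;
import android.util.AttributeSet;
import android.view.ActionMode;
import android.view.Menu;
import android.view.MenuItem;
import android.widget.EditText;

// Hypothetical drop-in replacement for a plain EditText that holds a secret.
public class NoClipboardPasswordField extends EditText {

    public NoClipboardPasswordField(Context context, AttributeSet attrs) {
        super(context, attrs);

        // Treat the content as a password so it is masked on screen.
        setInputType(InputType.TYPE_CLASS_TEXT
                | InputType.TYPE_TEXT_VARIATION_PASSWORD);

        // Refuse to open the selection toolbar that offers Copy and Cut.
        setCustomSelectionActionModeCallback(new ActionMode.Callback() {
            @Override
            public boolean onCreateActionMode(ActionMode mode, Menu menu) {
                return false; // false = do not start the action mode
            }
            @Override
            public boolean onPrepareActionMode(ActionMode mode, Menu menu) {
                return false;
            }
            @Override
            public boolean onActionItemClicked(ActionMode mode, MenuItem item) {
                return false;
            }
            @Override
            public void onDestroyActionMode(ActionMode mode) { }
        });
    }

    // Copy and Cut can also arrive from keyboard shortcuts or accessibility
    // actions, which bypass the toolbar; consume them here so the field's
    // text never reaches the clipboard. Paste is left untouched.
    @Override
    public boolean onTextContextMenuItem(int id) {
        if (id == android.R.id.copy || id == android.R.id.cut) {
            return true; // handled, nothing written to the clipboard
        }
        return super.onTextContextMenuItem(id);
    }
}
```

Re-running the post.capture.clipboard check from the PoC after attempting a copy from this field is a quick way to confirm the password no longer appears in the clipboard value.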