- # Exploit Title: Ftp Server - Sensitive Data on the Clipboard
- # Date: 2018-06-15
- # Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
- # Version: 1.32 Android App
- # Vendor: The Olive Tree
- # Exploit Author: ManhNho
- # CVE: CVE-2018-12481
- # Category: Mobile Apps
- # Tested on: Android 6.0
- ---Description---
- While users are typing data in input fields, they can use the clipboard to copy and paste data. The device's apps share the clipboard, so malicious apps can misuse it to access sensitive data.
- ---PoC---
- Start the app, choose "Setting" and click in the input field named "User password", which takes sensitive data; the clipboard functionality has not been disabled for this field.
- Set the user password to a value such as "P@ssw0rd1337" and copy it to the clipboard.
- Using the Drozer module post.capture.clipboard to extract data from the clipboard:
- dz> run post.capture.clipboard
- [*] Clipboard value: ClipData.Item { T:P@ssw0rd1337 }
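
The fix for this class of issue is to disable clipboard actions on the sensitive field. The following is an added example, not code from the app or from the advisory author: the class name SensitiveFieldHardening and the view id R.id.user_password are hypothetical, and only standard Android SDK calls are used.

```java
import android.os.Build;
import android.text.InputType;
import android.view.ActionMode;
import android.view.Menu;
import android.view.MenuItem;
import android.widget.EditText;

/** Hypothetical helper: keeps a sensitive EditText value off the shared clipboard. */
public final class SensitiveFieldHardening {

    // Returning false from onCreateActionMode stops the floating
    // cut / copy / paste toolbar from ever being shown for the field.
    private static final ActionMode.Callback BLOCK_ALL = new ActionMode.Callback() {
        @Override public boolean onCreateActionMode(ActionMode mode, Menu menu) { return false; }
        @Override public boolean onPrepareActionMode(ActionMode mode, Menu menu) { return false; }
        @Override public boolean onActionItemClicked(ActionMode mode, MenuItem item) { return false; }
        @Override public void onDestroyActionMode(ActionMode mode) { }
    };

    private SensitiveFieldHardening() { }

    public static void apply(EditText field) {
        // Masked password fields do not offer Cut or Copy in the text menu.
        field.setInputType(InputType.TYPE_CLASS_TEXT
                | InputType.TYPE_TEXT_VARIATION_PASSWORD);

        // No long-press means no text selection, so nothing can be copied out.
        field.setLongClickable(false);

        // Block the selection menu (cut / copy) ...
        field.setCustomSelectionActionModeCallback(BLOCK_ALL);

        // ... and the insertion menu (paste) where the platform has one (API 23+).
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            field.setCustomInsertionActionModeCallback(BLOCK_ALL);
        }
    }
}

// Usage from an Activity's onCreate(), after setContentView():
//   EditText pw = findViewById(R.id.user_password);   // hypothetical id
//   SensitiveFieldHardening.apply(pw);
```

After applying it, repeating the steps above should leave the password out of the value reported by post.capture.clipboard, because the field no longer offers a Copy action.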