CVE-2018-11544

ManhNho, May 29th, 2018 (edited)
# Exploit Title: Ftp Server - Insecure Data Storage
# Date: 2018-05-29
# Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
# Version: 1.32 Android App
# Vendor: The Olive Tree
# Exploit Author: ManhNho
# CVE: CVE-2018-11544
# Category: Mobile Apps
# Tested on: Android 4.4

---Description---
Ftp Server 1.32 is affected by insecure data storage: confidential information is stored insecurely
on the system (e.g. poor encryption, plain text, access control issues).
An attacker can find out the username/password of a valid user via /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml

---PoC---
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="prefPort">2221</string>
    <string name="prefPasivePort">2300-2399</string>
    <string name="prefUserpass">ManhNho</string>
    <boolean name="prefEnergySave" value="false" />
    <boolean name="prefShowHidden" value="false" />
    <boolean name="prefShowCredentials" value="true" />
    <string name="prefInterfaces">0</string>
    <string name="prefHomeDir">1</string>
    <string name="prefUsername">ManhNho</string>
    <boolean name="prefReadonly" value="false" />
    <boolean name="prefAnonymous" value="true" />
    <boolean name="prefForeground" value="true" />
</map>
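
---Audit example---
Added example, not part of the original advisory or the vendor's code: a Python check an app reviewer could run over a SharedPreferences XML file exported from a test device, flagging secret-named entries stored as readable text, as prefUserpass is above. The name pattern and the "opaque value" heuristic are assumptions, and the embedded sample is constructed from the PoC layout.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample with the same layout as the preferences file in the PoC.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="prefPort">2221</string>
    <string name="prefUserpass">ManhNho</string>
    <string name="prefUsername">ManhNho</string>
    <boolean name="prefAnonymous" value="true" />
</map>"""

# Assumption: entry names containing these words hold secrets.
SECRET_NAME = re.compile(r"pass|secret|token|apikey", re.IGNORECASE)
# Heuristic: long hex or base64 strings are treated as hashed/encrypted.
# An opaque value is not proof of sound cryptography; review those by hand.
OPAQUE_VALUE = re.compile(r"^(?:[0-9A-Fa-f]{32,}|[A-Za-z0-9+/_=-]{40,})$")


def audit_shared_prefs(xml_text):
    """Return findings for secret-named <string> entries stored as readable text."""
    # SharedPreferences files do not carry a DTD; reject one instead of parsing it.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("unexpected DOCTYPE in preferences file")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "map":
        raise ValueError("root element is not <map>")
    findings = []
    for entry in root.iter("string"):
        name = entry.get("name", "")
        value = entry.text or ""
        if SECRET_NAME.search(name) and value and not OPAQUE_VALUE.match(value):
            # Report the length only, so the audit log does not leak the secret.
            findings.append({"name": name, "length": len(value),
                             "issue": "secret stored as readable text"})
    return findings


if __name__ == "__main__":
    for finding in audit_shared_prefs(SAMPLE_PREFS):
        print(finding)
```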