7bbc323854
20 changes to exploits/shellcodes Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Microsoft Edge Chakra JIT - Magic Value Type Confusion AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read MakeMyTrip 7.2.4 - Information Disclosure Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit) Microsoft Windows - 'POP/MOV SS' Privilege Escalation Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Private Message PHP Script 2.0 - Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Nordex N149/4.0-4.5 - SQL Injection WebSocket Live Chat - Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting PaulPrinting CMS Printing 1.0 - SQL Injection iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery ERPnext 11 - Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Feedy RSS News Ticker 2.0 - 'cat' SQL Injection NewsBee CMS 1.4 - 'download.php' SQL Injection Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
24 lines
No EOL
1.1 KiB
Text
24 lines
No EOL
1.1 KiB
Text
# Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files
|
||
# Date: 2018-05-21
|
||
# Software Link: MakeMyTrip v7.2.4 Android Application
|
||
# Exploit Author: Divya Jain
|
||
# Version: 7.2.4 Android App
|
||
# CVE: CVE-2018-11242
|
||
# Category: Mobileapps
|
||
# Tested on: Android v5.1
|
||
|
||
# 1. Description
|
||
# Android application folder was found to contain SQLite database files in the following subdirectory
|
||
# data/com.makemytrip/Cache and data/com.makemytrip/databses. This directory is used to store the application’s databases.
|
||
# The confidential information can be retrieved from the SQLite databases and stored in cleartext.
|
||
# As an impact it is known to affect confidentiality, integrity, and availability.
|
||
|
||
# 2. Proof-of-Concept
|
||
# The successful exploitation needs a single authentication and filesystem can be accessed, after rooting an android device.
|
||
# After accessing the directories below
|
||
|
||
/data/com.makemytrip/databases/
|
||
/data/com.makemytrip/cache/
|
||
|
||
# Above directories can be seen with unencrypted version of database files stored in the device
|
||
# which can further lead to sensitive information disclosure. |