lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CANmV1-p_Ohz-dhS4K=w+q0Xyb=BS6jn7UE=E-jZL5YNpXzs+rw@mail.gmail.com>
Date: Wed, 27 Feb 2019 00:05:50 +0200
From: RedForce Advisory <advisory@...force.ae>
To: "fulldisclosure@...lists.org <fulldisclosure@...lists.org>, ,
 bugtraq@...urityfocus.com" <fulldisclosure@...lists.org>
Subject: [FD] SHAREit for Android Authentication Bypass and Remote File
	Download

RedForce Advisory
https://redforce.io


## ِAdvisory Information
Title: SHAREit For Android <= 4.0.38 Multiple Vulnerabilities
Advisory URL:
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
Date published: 2019-02-25
Date of last update: 2019-02-25
Vendors contacted: Beijing Shareit Information Technology Co., Ltd.

## Introduction

SHAREit for Android is a popular application used for file transfer
among cross-platform devices using WiFi. It is considered one of the
most popular Android applications with over 500 million downloads
(+950M downloads according to [AndroidRank database]
(https://www.androidrank.org/application/shareit_transfer_share/com.lenovo.anyshare.gps?hl=en)
) .

## Vulnerability Description
SHAREit for Android <= 4.0.38 was found to be prone to multiple high
severity vulnerabilities that enable a remote attacker -on the same
network or joining public "open" WiFi hotspots created by the
application when file transfer is initiated- to download arbitrary
files from user's device including contacts, photos, videos, sound
clips...etc.

Full vulnerability technical details can be found in our advisory (
https://blog.redforce.io/shareit-vulnerabilities-enable-unrestricted-access-to-adjacent-devices-files/
)

## Proof of Concept
### Quick Demo
https://www.youtube.com/watch?v=Q4kk4FvrH6g

### Full Length Proof of Concept (GUI and AutoPwn modules)
https://www.youtube.com/watch?v=xzoJXBCznWc

### Exploit Code (dubbed DUMPit)
https://github.com/redforcesec/DUMPit/


## Credits
These vulnerabilities were discovered and researched by Abdulrahman Nour
from RedForce.

## About RedForce
RedForce is an information security consultancy firm consists of a
team of experts in the offensive security field. By using the latest
techniques, methodologies and attack simulation from an adversary
prospective, we make sure that your organization is approaching the
best practice to mitigate the risk at the lowest cost. We approach our
offensive services from a holistic approach. Our aim is to contribute
to the efforts of our customers in securing the critical IT
infrastructure and crown jewels within their IT landscape. For more
information, please visit https://redforce.io

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ