Category archive: Vulnerability Alerts

CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager

INTRODUCTION
==================================
In Android <5.0, a SQL injection vulnerability exists in the opt module WAPPushManager. An attacker can remotely send a malformed WAPPush message to launch any activity or service on the victim's phone (permission check required).

CVE-2014-8610 Android < 5.0 SMS resend vulnerability

INTRODUCTION
==================================
In Android <5.0, an unprivileged app can resend all the SMS stored in the user's phone to their corresponding recipients or senders (without user interaction).
This works regardless of whether the SMS were sent to or received from other people, and may lead to undesired cost to the user.
Even worse, since Android also allows an unprivileged app to create draft SMS, combined with this trick, a bad app can send any SMS without any privilege requirement.

CVE-2014-8609 Android Settings application privilege leakage vulnerability

INTRODUCTION
==================================
In Android <5.0 (and maybe >= 4.0), the Settings application leaks a PendingIntent with a blank base intent (neither the component nor the action is explicitly set) to third-party applications. A bad app can use this to broadcast an intent with the same permissions and identity as the Settings application, which runs as SYSTEM uid. Thus a bad app can broadcast sensitive intents with the permission of SYSTEM.

Some thoughts on exploiting the RFD vulnerability

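A new type of web attack, RFD (Reflected File Download), was disclosed at Black Hat Europe 2014. Wooyun Drops has also published an introduction to this attack. The exploitation method described by the author requires that the attacker control both the file name and the content, and that the content-type is one the browser does not normally render. We followed up with our own analysis of exploiting this vulnerability and found that, when combined with bugs in some browsers' implementations of HTML5 features, the range of exploitable scenarios becomes wider.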

Let us first look at Oren Hafif's example of exploiting Google: a Google link inserted into Facebook.

[Image: facebook]
