Tasks 9.7.3 - Insecure Permissions

Exploit Title: Tasks 9.7.3 - Insecure Permissions Date: 18th of July, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link:...

Tasks 9.7.3 - Insecure Permissions Vulnerability

Exploit Title: Tasks 9.7.3 - Insecure Permissions Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link: https://github.com/tasks/tasks...

Tasks 9.7.3 Insecure Permissions

Exploit Title: Tasks 9.7.3 - Insecure Permissions Date: 18th of July, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link:...

Nextcloud: Passcode Protection in Android Devices Can be Bypassed.

What is The Vulnerability? The Passcode can be bypassed by calling a MainLoginActivity which is com.owncloud.android.ui.activity.FileDisplayActivity , We have successfully bypassed the passcode and are redirected to the App's User Interface. of the user’s credentials: Android Version: 9 Non Roote...

1Password Denial Of Service

Description The 1Password application 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application...

Design/Logic Flaw

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module...

CVE-2018-12481

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module...

CVE-2018-12481

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module...

CVE-2018-12481

The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module...

Nextcloud: SQL Injection found in NextCloud Android App Content Provider

Using Drozer, we identified com.nextcloud.client is vulnerable to Sql Injection here is output from drozer: dz run scanner.provider.injection -a com.nextcloud.client Scanning com.nextcloud.client... Not Vulnerable: content://com.nextcloud.android.providers.UsersAndGroupsSearchProvider...

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

Mail.ru: Activities are not Protected and able to crash app using other app (Can Malware or third parry app).

Name : ru.mail.mailapp-10570.apk Size : 11.02MB MD5 : 7600e180a1616c7ebb1b1514e23b7d19 Package: ru.mail.mailapp ru.mail.registration.RegistrationActivity ru.mail.ui.writemail.FeedbackActivity ru.mail.ui.writemail.ForwardActivity ru.mail.ui.writemail.ReplyActivity ru.mail.ui.writemail.DraftActivit...

Faceless: Bypass Setup by External Activity Invoke

Tool Used: Drozer Operating System: Android Kitkat 4.4.2 Note: Make sure the application is running on the device connected to the system. 1. With the help of Drozer tool, list down the activities exported by the application using the following command: run app.activity.info -a im.delight.faceles...

Appie - Android Pentesting Portable Integrated Environment

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick.This is a one stop answer for all the tools needed in Android Application Security Assessment. Difference between Appie and existing...

Drozer - The Leading Security Assessment Framework for Android

drozer is a comprehensive security audit and attack framework for Android. With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android...

Design/Logic Flaw

The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework...