Lucene search
Divya Jain1337DAY-ID-30416HistoryMay 22, 2018 - 12:00 a.m.
MakeMyTrip 7.2.4 - Information Disclosure Vulnerability
2018-05-2200:00:00
Divya Jain
0day.today
24
EPSS
0.005
Percentile
75.7%
Exploit for Android platform in category local exploits
# Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files
# Software Link: MakeMyTrip v7.2.4 Android Application
# Exploit Author: Divya Jain
# Version: 7.2.4 Android App
# CVE: CVE-2018-11242
# Category: Mobileapps
# Tested on: Android v5.1
# 1. Description
# Android application folder was found to contain SQLite database files in the following subdirectory
# data/com.makemytrip/Cache and data/com.makemytrip/databses. This directory is used to store the applicationβs databases.
# The confidential information can be retrieved from the SQLite databases and stored in cleartext.
# As an impact it is known to affect confidentiality, integrity, and availability.
# 2. Proof-of-Concept
# The successful exploitation needs a single authentication and filesystem can be accessed, after rooting an android device.
# After accessing the directories below
/data/com.makemytrip/databases/
/data/com.makemytrip/cache/
# Above directories can be seen with unencrypted version of database files stored in the device
# which can further lead to sensitive information disclosure.
# 0day.today [2018-05-23] #Related
prion
prion
Information disclosure
2018-05-20 14:29:00
exploitpack
exploitpack
MakeMyTrip 7.2.4 - Information Disclosure
2018-05-22 00:00:00
exploitdb
exploitdb
MakeMyTrip 7.2.4 - Information Disclosure
2018-05-22 00:00:00
nvd
nvd
CVE-2018-11242
2018-05-20 14:29:00
cve
cve
CVE-2018-11242
2018-05-20 14:29:00
cvelist
cvelist
CVE-2018-11242
2018-05-20 14:00:00