关联漏洞
描述
Proof of concept of CVE-2017-0807
介绍
# Proof of concept of CVE-2017-0807
This is a demo application with deliberately sloppy interface for the CVE-2017-0807 reported by Efthimios Alepis and Constantinos Patsakis.
The vulnerability illustrates that due to security issues in every Android version up to Nougat, an unprivileged user can overlay almost every Android interface and trick the user into getting his input. In the demo we overlay a screen which makes our app administrator of the device, however, there are numerous other possibilities to exploit this vulnerability. Contrary to other attacks, e.g. cloak and dagger our attack does not request any dangerous or system permission like SYSTEM ALERT WINDOW.
A video which showcases the issue can be found [here](https://www.youtube.com/watch?v=zX4KckkNGdQ).
For more details the interested reader may refer to:
*Alepis, Efthimios, and Constantinos Patsakis. "Trapped by the UI: The Android case." International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Cham, 2017.* [Link](https://link.springer.com/chapter/10.1007/978-3-319-66332-6_15)
# External links
[NIST](https://nvd.nist.gov/vuln/detail/CVE-2017-0807)
[Pixel / Nexus Security Bulletin—October 2017](https://source.android.com/security/bulletin/pixel/2017-10-01)
This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the [OPERANDO](https://www.operando.eu) project (Grant Agreement no. 653704) and is based upon work from COST Action [CRYPTACUS](https://www.cryptacus.eu), supported by COST (European Cooperation in Science and Technology).
文件快照
[4.0K] /data/pocs/d568bc1a274ea1f1443f83fdb9198226ffafbef0
├── [4.0K] app
│ ├── [1.3M] app-release.apk
│ ├── [ 915] build.gradle
│ ├── [ 661] proguard-rules.pro
│ └── [4.0K] src
│ ├── [4.0K] androidTest
│ │ └── [4.0K] java
│ │ └── [4.0K] com
│ │ └── [4.0K] raid2017
│ │ └── [4.0K] bogus
│ │ └── [4.0K] a1admin2rulethemall
│ │ └── [ 806] ExampleInstrumentedTest.java
│ ├── [4.0K] main
│ │ ├── [1.5K] AndroidManifest.xml
│ │ ├── [4.0K] java
│ │ │ └── [4.0K] com
│ │ │ └── [4.0K] raid2017
│ │ │ └── [4.0K] bogus
│ │ │ └── [4.0K] a1admin2rulethemall
│ │ │ ├── [ 209] AdminReceiver.java
│ │ │ ├── [1.0K] Main2Activity.java
│ │ │ └── [1.3K] MainActivity.java
│ │ └── [4.0K] res
│ │ ├── [4.0K] drawable
│ │ │ └── [ 14K] ninja.jpg
│ │ ├── [4.0K] layout
│ │ │ ├── [1001] activity_main2.xml
│ │ │ └── [1.1K] activity_main.xml
│ │ ├── [4.0K] mipmap-hdpi
│ │ │ └── [3.3K] ic_launcher.png
│ │ ├── [4.0K] mipmap-mdpi
│ │ │ └── [2.2K] ic_launcher.png
│ │ ├── [4.0K] mipmap-xhdpi
│ │ │ └── [4.7K] ic_launcher.png
│ │ ├── [4.0K] mipmap-xxhdpi
│ │ │ └── [7.5K] ic_launcher.png
│ │ ├── [4.0K] mipmap-xxxhdpi
│ │ │ └── [ 10K] ic_launcher.png
│ │ ├── [4.0K] values
│ │ │ ├── [ 214] colors.xml
│ │ │ ├── [ 216] dimens.xml
│ │ │ ├── [ 84] strings.xml
│ │ │ └── [ 978] styles.xml
│ │ ├── [4.0K] values-w820dp
│ │ │ └── [ 364] dimens.xml
│ │ └── [4.0K] xml
│ │ └── [ 263] device_admin.xml
│ └── [4.0K] test
│ └── [4.0K] java
│ └── [4.0K] com
│ └── [4.0K] raid2017
│ └── [4.0K] bogus
│ └── [4.0K] a1admin2rulethemall
│ └── [ 432] ExampleUnitTest.java
├── [ 521] build.gradle
├── [4.0K] gradle
│ └── [4.0K] wrapper
│ ├── [ 52K] gradle-wrapper.jar
│ └── [ 236] gradle-wrapper.properties
├── [ 747] gradle.properties
├── [4.9K] gradlew
├── [2.3K] gradlew.bat
├── [ 34K] LICENSE
├── [1.6K] README.md
└── [ 16] settings.gradle
33 directories, 32 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。