CVE-2017-11566
> Appuse 4.0 allows shell command injection via a proxy field.
>
> ------------------------------------------
>
> [Additional Information]
> The vendor's position is that a fix is a low priority because the
> attacker must be on the same machine.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> RCE
>
> ------------------------------------------
>
> [Vendor of Product]
> Appsec labs
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Appuse - 4.0
>
> ------------------------------------------
>
> [Affected Component]
> GET RCE with root
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker could perform command injection in the Appuse proxy setting IP field -
> Linux executes this as root
>
> ------------------------------------------
>
> [Reference]
> https://sourceforge.net/projects/appuse-android-pentest/
>
> ------------------------------------------
>
> [Discoverer]
CHT Security-hans
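
The advisory does not show how Appuse turns the proxy IP field into a command, so the following is an added example, not code from the gist or the vendor: it contrasts the string-concatenation pattern behind this bug class with strict parsing of the field before a shell-free call. `PROXY_HELPER` and all function names are hypothetical, and the sample inputs are constructed.

```python
from __future__ import annotations

import ipaddress

# Hypothetical helper path: the command Appuse actually runs is not on the page.
PROXY_HELPER = "/usr/local/bin/set-proxy"


def unsafe_command(ip_field: str, port_field: str) -> str:
    """Vulnerable pattern: raw field text pasted into a string meant for a shell."""
    return f"{PROXY_HELPER} {ip_field} {port_field}"


def safe_argv(ip_field: str, port_field: str) -> list[str]:
    """Parse both fields strictly and return an argv list for shell-free exec."""
    # ip_address() accepts only a literal address: spaces, ';', '|', backticks
    # and '$(' in the dotted/hex part all raise ValueError.
    ip = ipaddress.ip_address(ip_field)
    # Edge case: on Python 3.9+ an IPv6 zone id ("fe80::1%<anything>") is
    # accepted with arbitrary characters after '%', so refuse zone ids.
    if getattr(ip, "scope_id", None) is not None:
        raise ValueError("IPv6 zone identifiers are not allowed")
    # isdigit() alone accepts non-ASCII digits, so require ASCII as well.
    if not (port_field.isascii() and port_field.isdigit()):
        raise ValueError("port must be ASCII decimal digits")
    port = int(port_field)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    # Emit the canonical re-serialised values, never the raw input. Run the
    # result with subprocess.run(argv, check=True), i.e. without shell=True.
    return [PROXY_HELPER, str(ip), str(port)]


def audit(samples: list[tuple[str, str]]) -> dict[tuple[str, str], bool]:
    """Map each (ip, port) sample to True if accepted, False if rejected."""
    verdicts = {}
    for ip_field, port_field in samples:
        try:
            safe_argv(ip_field, port_field)
            verdicts[(ip_field, port_field)] = True
        except ValueError:
            verdicts[(ip_field, port_field)] = False
    return verdicts


if __name__ == "__main__":
    constructed = [("127.0.0.1", "8080"), ("127.0.0.1; echo injected", "8080"),
                   ("fe80::1%;x", "8080"), ("10.0.2.2", "80 80")]
    for sample, accepted in audit(constructed).items():
        print("accept" if accepted else "reject", sample)
```

Because the argv list never passes through a shell, validation is a second layer rather than the only barrier; it also keeps malformed values out of whatever the root-privileged helper does next.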