Skip to content

Instantly share code, notes, and snippets.

@shiham101
Last active January 31, 2019 08:00
Show Gist options
  • Save shiham101/4807e3dea54ee0f0456c47fcd1400e97 to your computer and use it in GitHub Desktop.
Save shiham101/4807e3dea54ee0f0456c47fcd1400e97 to your computer and use it in GitHub Desktop.
CVE-2017-11566
> Appuse 4.0 allows shell command injection via a proxy field.
>
> ------------------------------------------
>
> [Additional Information]
> The vendor's position is that a fix is a low priority because the
> attacker must be on the same machine.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> RCE
>
> ------------------------------------------
>
> [Vendor of Product]
> Appsec labs
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Appuse - 4.0
>
> ------------------------------------------
>
> [Affected Component]
> GET RCE with root
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> an attacker could perform command injection in the Appuse proxy setting IP field -
> Linux executes this as root
>
> ------------------------------------------
>
> [Reference]
> https://sourceforge.net/projects/appuse-android-pentest/
>
> ------------------------------------------
>
> [Discoverer]
CHT Security-hans
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment