Skip to content

Instantly share code, notes, and snippets.

View tanprathan's full-sized avatar

Prathan Phongthiproek tanprathan

View GitHub Profile
View SimpleToken.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.6;
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.1.0/contracts/access/Ownable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.1.0/contracts/token/ERC20/ERC20.sol";
contract ZUSDT is ERC20("ZUSD-T Token", "ZUSD-T"), Ownable {
function mint(uint amount) public onlyOwner {
@tanprathan
tanprathan / CVE-2019-20348.txt
Created January 6, 2020 02:44
OKER CVE-2019-20348
View CVE-2019-20348.txt
> [Description]
> OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART
> serial interface without proper access control. This allows attackers
> with physical access to interrupt the boot sequence in order to execute
> arbitrary commands with root privileges and conduct further attacks.
>
> ------------------------------------------
>
> [Additional Information]
> Proof of Concept: https://www.dropbox.com/s/5ozzv04ddsgst3t/OKER_UART.mp4
@tanprathan
tanprathan / CVE-2018-15543.txt
Last active October 28, 2018 11:04
Telegram CVE-2018-15543 Information
View CVE-2018-15543.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger
> application 4.8.11 for Android. The FingerprintManager class for
> Biometric validation allows authentication bypass through the callback
> method from onAuthenticationFailed to onAuthenticationSucceeded with
> null, because the fingerprint API in conjunction with the
> Android keyGenerator class is not implemented. In other words, an
> attacker could authenticate with an arbitrary fingerprint. NOTE: the
> vendor indicates that this is not an attack of interest within the
> context of their threat model, which excludes Android devices on which
@tanprathan
tanprathan / CVE-2018-15542.txt
Last active October 30, 2018 13:29
Telegram CVE-2018-15542 Information
View CVE-2018-15542.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger
> application 4.8.11 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a certain
> method's return value to true. In other words, an attacker could
> authenticate with an arbitrary passcode. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes Android devices on which rooting has
> occurred.
>
@tanprathan
tanprathan / CVE-2018-13446.txt
Created August 13, 2018 14:09
LINE CVE-2018-13446 Information
View CVE-2018-13446.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line
> application 8.8.1 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a
> certain method's return value to true. In other words, an attacker
> could authenticate with an arbitrary passcode. NOTE: the vendor
> indicates that this is not an attack of interest within the context
> of their threat model, which excludes Android devices on which
> rooting has occurred.
>
@tanprathan
tanprathan / CVE-2018-13435.txt
Last active May 15, 2019 07:04
LINE CVE-2018-13435 Information
View CVE-2018-13435.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The Passcode feature allows authentication bypass via
> runtime manipulation that forces a certain method to disable passcode
> authentication. NOTE: the vendor indicates that this is not an attack
> of interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.
>
> ------------------------------------------
>
@tanprathan
tanprathan / CVE-2018-13434.txt
Created August 13, 2018 14:04
LINE CVE-2018-13434 Information
View CVE-2018-13434.txt
> [Ddescription]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation
> allows authentication bypass by overriding the LAContext return Boolean
> value to be "true" because the kSecAccessControlUserPresence
> protection mechanism is not used. In other words, an attacker could
> authenticate with an arbitrary fingerprint. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes iOS devices on which a jailbreak has
> occurred.
@tanprathan
tanprathan / CVE-2018-12446.txt
Last active June 20, 2018 13:34
Dropbox CVE-2018-12446 Information
View CVE-2018-12446.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the com.dropbox.android
> application 98.2.2 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a certain
> method's return value to true. In other words, an attacker could
> authenticate with an arbitrary passcode. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes Android devices on which rooting has
> occurred.
>
@tanprathan
tanprathan / CVE-2018-12445.txt
Last active June 19, 2018 04:10
Dropbox CVE-2018-12445 Information
View CVE-2018-12445.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the com.dropbox.android
> application 98.2.2 for Android. The FingerprintManager class for
> Biometric validation allows authentication bypass through the callback
> method from onAuthenticationFailed to onAuthenticationSucceeded with
> null, because the fingerprint API in conjunction with the Android
> keyGenerator class is not implemented. In other words, an attacker
> could authenticate with an arbitrary fingerprint. NOTE: the vendor
> indicates that this is not an attack of interest within the context of
> their threat model, which excludes Android devices on which rooting
@tanprathan
tanprathan / CVE-2018-12271.txt
Last active June 14, 2018 13:08
Dropbox CVE-2018-12271 Information
View CVE-2018-12271.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox
> app 100.2 for iOS. The LAContext class for Biometric (TouchID)
> validation allows authentication bypass by overriding the LAContext
> return Boolean value to be "true" because the
> kSecAccessControlUserPresence protection mechanism is not used. In
> other words, an attacker could authenticate with an arbitrary
> fingerprint. NOTE: the vendor indicates that this is not an attack of
> interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.