Exploits / Vulnerability Discovered : 2019-05-28 |
Type : local |
Platform : android
This exploit / vulnerability Equitypandit 1.0 password disclosure is for educational purposes only and if it is used you will do on your own risk!
- Sometimes developers keeps sensitive data logged into the developer
console. Thus, attacker easy to capture sensitive information like password.
- In this application, with adb, attacker can capture password of any
users via forgot password function.
#Requirement:
- Santoku virtual machine
- Android virtual machine (installed "EquityPandit" apk file)
- Victim user/password: victim@abc.com/123456
- Exploit code named capture.py in Santoku vm as below:
- Step 1: From Santoku, use adb to connect to Android machine (x.x.x.x)
adb connect x.x.x.x
- Step 2: From Android machine, open EquityPandit, click forgot password
function for acccount "victim@abc.com" and then click submit
- Step 3: From Santoku, execute capture.py
- Actual: Password of "victim@abc.com" will be show in terminal as
"123456"