CVE-2017-13156 PoC — Android System(art) 权限许可和访问控制问题漏洞

Source

https://github.com/M507/CVE-2017-13156

Associated Vulnerability

Title:Android System(art) 权限许可和访问控制问题漏洞 (CVE-2017-13156)
Description:Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。System（art）是使用在其中的一个ART模式运行环境。 Android中的System(art)存在提权漏洞。远程攻击者可利用该漏洞提升权限。以下版本受到影响：Android 5.1.1版本，6.0版本，6.0.1版本，7.0版本，7.1.1版本，7.1.2版本，8.0版本。

Description

To determine if an APK is vulnerable to CVE-2017-13156

Readme

### Check-CVE-2017-13156.py


```sh
root@ubuntu:~/CVE-2017-13156$ pip install androguard
root@ubuntu:~/CVE-2017-13156$ python Check-CVE-2017-13156.py InsecureBankv2.apk

Checking if InsecureBankv2.apk is vulnerable to CVE-2017-13156 vulnerability

InsecureBankv2.apk md5: 5ee4829065640f9c936ac861d1650ffc

InsecureBankv2.apk is signed
v1 scheme: True
v2 scheme: False
v3 scheme: False
minSdkVersion: 15 
InsecureBankv2.apk 5ee4829065640f9c936ac861d1650ffc is VULNERABLE
InsecureBankv2.apk can be exploited on devices running Android version < 8.0.0
```

File Snapshot


 [4.0K]  /data/pocs/04ed48f77cca8d8544738de842049d2887228963
├── [1.8K]  Check-CVE-2017-13156.py
└── [ 552]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!