CVE-2019-11932 PoC — Facebook WhatsApp 资源管理错误漏洞

Source

https://github.com/Err0r-ICA/WhatsPayloadRCE

Associated Vulnerability

Title:Facebook WhatsApp 资源管理错误漏洞 (CVE-2019-11932)
Description:Facebook WhatsApp是美国Facebook公司的一套利用网络传送短信的移动应用程序。该应用程序通过智能手机中的联络人信息，查找使用该软件的联络人传送文字、图片等。基于Android平台的Facebook WhatsApp 2.19.244之前版本中的libpl_droidsonroids_gif 1.2.18之前版本的decoding.c文件的DDGifSlurp函数存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码或造成拒绝服务。

Description

Whatsapp Automatic Payload Generator [CVE-2019-11932]

Readme

# WhatsPayloadRCE

This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution)

1. Auto install GCC (no harm command, you can see this is open-source)
2. Saving to **.GIF** file

## How To Use ?
```
sudo apt install git
git clone https://github.com/Err0r-ICA/WhatsPayloadRCE
cd WhatsPayloadRCE && bash start
```

## Screenshot 
![Screenshot](https://i.postimg.cc/L9yF7dkb/Screenshot-20200422-225622-Termux.jpg) 

## How Get Shell ?

1. You just send the **.GIF** file to victim user **AS A DOCUMENT NOT IMAGES**
2. And set the nc / netcat to port you set on the WhatsRCE tools {**nc -lnvp your_port**}
3. You can use the Social Engineering attack so that victims can be attracted to launch this exploit
4. Tell the victim to open the gallery via whatsapp and send the victim to send any phot.os After that a few seconds later you will receive a shell connection from the victim

## How To Avoid This Attack?

1. Update your whatsapp to the latest version **(Patched on Version 2.19.244)**
2. How to receive any file including audio images and others from people we don't know

### Thanks to [awakened1712](https://awakened1712.github.io/) - [Edo Maland](https://github.com/Screetsec/) - [IndoXploit](https://indoxploit.or.id)

#### **This is only for learning, consequences etc. if you use it for a crime I am not responsible!**

### My Accounts

* [TELEGRAM](https://t.me/termuxxhacking)

* [FACEBOOK](https://www.facebook.com/termuxxhacking)

* [INSTAGRAM](https://instagram.com/termux_hacking)

[![Build-passing](https://img.shields.io/badge/build-passing-red.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues) [![Stars](https://img.shields.io/open-vsx/stars/Redhat/Java.svg?style=plastic&color=orange)](https://github.com/Err0r-ICA/SpeedTest/issues) [![Coverage](https://img.shields.io/azure-devops/coverage/Swellaby/Opensource/25?color=yellow&style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

[![Maintainers](https://img.shields.io/badge/mainteiners-HackBoyz-green.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues) [![coded](https://img.shields.io/badge/coded%20in-bash-mintgreen.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

[![Status](https://img.shields.io/badge/code%20status-encrypted-cyan.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues) [![License](https://img.shields.io/badge/license-MIT-blueviolet.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

[![Test](https://img.shields.io/badge/tested%20on-Termux,%20Kali%20Linux,%20Ubuntu,%20Parrot%20OS,%20Debian,%20ANDRAX%20Mobile-%23ff69b4.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

File Snapshot


 [4.0K]  /data/pocs/664627de4b1c268842ffe0e2fb1ce3b6ce5127f5
├── [3.3K]  egif_lib.c
├── [5.3K]  exploit.c
├── [ 36K]  generate
├── [ 11K]  gif_lib.h
├── [2.6K]  README.md
└── [7.2K]  start.sh

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!