CVE-2019-11932 PoC — Facebook WhatsApp 资源管理错误漏洞

Source

https://github.com/5l1v3r1/CVE-2019-11932

Associated Vulnerability

Title:Facebook WhatsApp 资源管理错误漏洞 (CVE-2019-11932)
Description:Facebook WhatsApp是美国Facebook公司的一套利用网络传送短信的移动应用程序。该应用程序通过智能手机中的联络人信息，查找使用该软件的联络人传送文字、图片等。基于Android平台的Facebook WhatsApp 2.19.244之前版本中的libpl_droidsonroids_gif 1.2.18之前版本的decoding.c文件的DDGifSlurp函数存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码或造成拒绝服务。

Description

The exploit works well until WhatsApp version 2.19.230. The vulnerability is official patched in WhatsApp version 2.19.244

Readme

# CVE-2019-11932
 double-free bug in WhatsApp exploit poc.
 
 #Note: make sure to set the listner ip in exploit.c inorder to get shell
 
 nc -lvp 5555 or whatever port.
 
 and then compile.
 
 gcc -o exploit egif_lib.c exploit.c
 
 then run ./exploit and save the content to <filename>.gif
 
 and send to victim.
 
 #Source
 https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/.
 
 #Poc_Video
 https://drive.google.com/file/d/1T-v5XG8yQuiPojeMpOAG6UGr2TYpocIj/view.         
 
 
#News_Article
https://gbhackers.com/whatsapp-double-free-vulnerability/

File Snapshot


 [4.0K]  /data/pocs/90bbae1c347823541e66ccaa65733d667c55f92a
├── [3.3K]  egif_lib.c
├── [5.2K]  exploit.c
├── [ 11K]  gif_lib.h
└── [ 568]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!