CVE-2019-11932 PoC — Facebook WhatsApp 资源管理错误漏洞

Source

https://github.com/tucommenceapousser/CVE-2019-11932

Associated Vulnerability

Title:Facebook WhatsApp 资源管理错误漏洞 (CVE-2019-11932)
Description:Facebook WhatsApp是美国Facebook公司的一套利用网络传送短信的移动应用程序。该应用程序通过智能手机中的联络人信息，查找使用该软件的联络人传送文字、图片等。基于Android平台的Facebook WhatsApp 2.19.244之前版本中的libpl_droidsonroids_gif 1.2.18之前版本的decoding.c文件的DDGifSlurp函数存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码或造成拒绝服务。

Description

Double-Free BUG in WhatsApp exploit poc.

Readme

# CVE-2019-11932
Double-Free BUG in WhatsApp exploit poc.
## Usage
```bash
bash create.sh
```
## clone on replit and run
[![Run on Replit](https://replit.com/badge/github/tucommenceapousser/CVE-2019-11932)](https://replit.com/github/tucommenceapousser/CVE-2019-11932)

## Manually
```bash
nc -lvp 5555 or whatever port.
```
and then compile.
```
gcc -o exp egif_lib.c exploit.c
```
then run 
```bash
./exp
```
 and save the content to .gif

and send to victim.

File Snapshot


 [4.0K]  /data/pocs/911a0a7d460111acdcdfc407f96b5279ca5150f4
├── [ 800]  create.sh
├── [3.3K]  egif_lib.c
├── [5.2K]  exploit.c
├── [ 11K]  gif_lib.h
├── [1.2K]  LICENSE
├── [  42]  MakeFile
├── [ 461]  README.md
└── [  81]  replit.nix

0 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!