CVE-2019-11932 PoC — Facebook WhatsApp Resource Management Error Vulnerability

Source
Associated Vulnerability
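Title: Facebook WhatsApp Resource Management Error Vulnerability (CVE-2019-11932)
Description: Facebook WhatsApp is a mobile application from the US company Facebook that sends messages over the network. The application uses the contact information on the smartphone to find contacts who use the software and send them text, pictures, and so on. A resource management error vulnerability exists in the DDGifSlurp function of the decoding.c file in libpl_droidsonroids_gif before 1.2.18, as used in Facebook WhatsApp for Android before 2.19.244. A remote attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service.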
Description
This native code file aims to be complementary to the published WhatsApp GIF RCE exploit by Awakened, by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.
Readme
# CVE-2019-11932-SupportApp
This native code file aims to be complementary to the published WhatsApp GIF RCE exploit by Awakened, by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.
File Snapshot

[4.0K] /data/pocs/aa0479d46a975116aaf7cbcfe1ba0fe353ec50e1
├── [4.0K] app
│   ├── [1.1K] build.gradle
│   ├── [ 751] proguard-rules.pro
│   └── [4.0K] src
│       ├── [4.0K] androidTest
│       │   └── [4.0K] java
│       │       └── [4.0K] com
│       │           └── [4.0K] valbrux
│       │               └── [4.0K] myapplication
│       │                   └── [ 766] ExampleInstrumentedTest.java
│       ├── [4.0K] main
│       │   ├── [ 719] AndroidManifest.xml
│       │   ├── [4.0K] cpp
│       │   │   ├── [1.7K] CMakeLists.txt
│       │   │   └── [2.4K] native-lib.cpp
│       │   ├── [4.0K] java
│       │   │   └── [4.0K] com
│       │   │       └── [4.0K] valbrux
│       │   │           └── [4.0K] myapplication
│       │   │               └── [ 854] MainActivity.java
│       │   └── [4.0K] res
│       │       ├── [4.0K] drawable
│       │       │   └── [5.5K] ic_launcher_background.xml
│       │       ├── [4.0K] drawable-v24
│       │       │   └── [1.8K] ic_launcher_foreground.xml
│       │       ├── [4.0K] layout
│       │       │   └── [1.2K] activity_main.xml
│       │       ├── [4.0K] mipmap-anydpi-v26
│       │       │   ├── [ 272] ic_launcher_round.xml
│       │       │   └── [ 272] ic_launcher.xml
│       │       ├── [4.0K] mipmap-hdpi
│       │       │   ├── [2.9K] ic_launcher.png
│       │       │   └── [4.8K] ic_launcher_round.png
│       │       ├── [4.0K] mipmap-mdpi
│       │       │   ├── [2.0K] ic_launcher.png
│       │       │   └── [2.7K] ic_launcher_round.png
│       │       ├── [4.0K] mipmap-xhdpi
│       │       │   ├── [4.4K] ic_launcher.png
│       │       │   └── [6.7K] ic_launcher_round.png
│       │       ├── [4.0K] mipmap-xxhdpi
│       │       │   ├── [6.2K] ic_launcher.png
│       │       │   └── [ 10K] ic_launcher_round.png
│       │       ├── [4.0K] mipmap-xxxhdpi
│       │       │   ├── [8.9K] ic_launcher.png
│       │       │   └── [ 15K] ic_launcher_round.png
│       │       └── [4.0K] values
│       │           ├── [ 208] colors.xml
│       │           ├── [  77] strings.xml
│       │           └── [ 383] styles.xml
│       └── [4.0K] test
│           └── [4.0K] java
│               └── [4.0K] com
│                   └── [4.0K] valbrux
│                       └── [4.0K] myapplication
│                           └── [ 386] ExampleUnitTest.java
├── [ 558] build.gradle
├── [4.0K] gradle
│   └── [4.0K] wrapper
│       ├── [ 53K] gradle-wrapper.jar
│       └── [ 233] gradle-wrapper.properties
├── [1.0K] gradle.properties
├── [5.2K] gradlew
├── [2.1K] gradlew.bat
├── [ 297] README.md
└── [  49] settings.gradle

31 directories, 34 files