
CVE-2020-12717 PoC — COVIDSafe app input validation error vulnerability

Source
Associated Vulnerability
Title: COVIDSafe app input validation error vulnerability (CVE-2020-12717)
Description: COVIDSafe app is an Australian coronavirus contact-tracing application. A security vulnerability exists in versions 1.0 and 1.1 of the iOS-based COVIDSafe app. A remote attacker can exploit it by sending a specially crafted advertisement over Bluetooth, causing the application to crash (denial of service).
Description
Code for exploit for CVE-2020-12717
Readme
# What

This is the code for the demonstration of the COVIDSafe exploit shown in this video:
[![](http://img.youtube.com/vi/7UdVHB1ohNo/0.jpg)](http://www.youtube.com/watch?v=7UdVHB1ohNo "")

See https://medium.com/@wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708 for more information


## Server
This has to be run on Linux. It uses the @abandonware/bleno Node.js module (Node.js 10 is required), which makes it trivial to set the advertising bytes for the GATT server.

I run this on Linux Mint in VirtualBox, with a USB Bluetooth adapter passed through to the VM. Install the requirements as per bleno's instructions; they are still current.

It runs an express server, with a very simple interface:

`http://0.0.0.0:3000/start` - starts advertising with exploit advertisement

`http://0.0.0.0:3000/stop` - stops advertising

## Client

A super simple Material Angular application. If you set up a Host-only Adapter for VirtualBox, you can connect to the server in the VM. Simply toggle to hit the APIs. See site/README.md for details on how to run it.
File Snapshot

[4.0K] /data/pocs/b0e76b3cb49b4157a5ff5943c8040584d9964712
├── [1.0K] README.md
├── [4.0K] server
│   ├── [3.8K] index.js
│   └── [ 58K] package-lock.json
└── [4.0K] site
    ├── [3.7K] angular.json
    ├── [ 429] browserslist
    ├── [4.0K] e2e
    │   ├── [ 808] protractor.conf.js
    │   ├── [4.0K] src
    │   │   ├── [ 637] app.e2e-spec.ts
    │   │   └── [ 301] app.po.ts
    │   └── [ 214] tsconfig.json
    ├── [1016] karma.conf.js
    ├── [1.4K] package.json
    ├── [492K] package-lock.json
    ├── [1021] README.md
    ├── [4.0K] src
    │   ├── [4.0K] app
    │   │   ├── [   0] app.component.css
    │   │   ├── [ 570] app.component.html
    │   │   ├── [ 936] app.component.spec.ts
    │   │   ├── [ 743] app.component.ts
    │   │   └── [ 831] app.module.ts
    │   ├── [4.0K] assets
    │   ├── [4.0K] environments
    │   │   ├── [  51] environment.prod.ts
    │   │   └── [ 662] environment.ts
    │   ├── [ 948] favicon.ico
    │   ├── [ 536] index.html
    │   ├── [ 372] main.ts
    │   ├── [2.8K] polyfills.ts
    │   ├── [ 180] styles.css
    │   └── [ 753] test.ts
    ├── [ 210] tsconfig.app.json
    ├── [ 489] tsconfig.json
    ├── [ 270] tsconfig.spec.json
    └── [3.1K] tslint.json

8 directories, 30 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the PoC code for you. To support long-term maintenance, please consider donating. Thank you for your support.