MakeMyTrip 7.2.4 - Information Disclosure - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日3年前

# Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files
# Date: 2018-05-21
# Software Link: MakeMyTrip v7.2.4 Android Application 
# Exploit Author: Divya Jain
# Version: 7.2.4 Android App
# CVE: CVE-2018-11242
# Category: Mobileapps
# Tested on: Android v5.1

# 1. Description
# Android application folder was found to contain SQLite database files in the following subdirectory
# data/com.makemytrip/Cache and data/com.makemytrip/databses. This directory is used to store the application’s databases. 
# The confidential information can be retrieved from the SQLite databases and stored in cleartext.  
# As an impact it is known to affect confidentiality, integrity, and availability.

# 2. Proof-of-Concept
# The successful exploitation needs a single authentication and filesystem can be accessed, after rooting an android device.
# After accessing the directories below

/data/com.makemytrip/databases/
/data/com.makemytrip/cache/

# Above directories can be seen with unencrypted version of database files stored in the device
# which can further lead to sensitive information disclosure.

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

MakeMyTrip 7.2.4 - Information Disclosure

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索