Soroush Messenger Information Leak Exploit

2018.04.12
ir GIST (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################### # Title : Soroush Messenger Information Leak Exploit # Date : 10 April 2018 # Vendor : https://soroush-app.ir/ # Software : https://android.sapp.ir/ # Author : GIST # Tested on : Android 4.4.2 # Exploit Type : Local # Version : All Versions # Youtube : https://youtu.be/Sl2v4Dh_9r0 ########################################### Description : Soroush Is a Most popular Messanger in iran With 3 mil User In Iran. There Is a problem in this messenger and that is The Sources not encrypted. Also When we send an messsege to the other contacts his phone numbers will save in Local database. We Can View The Sources Just With Installing The CheatDroid and allow the premission. You Can See The Details of the Exploit in youtube Youtube : https://youtu.be/Sl2v4Dh_9r0 Informations : File name : ott.db Database Name : members Strings Leaked : member_nick_name , member_avatar_url , members_avatar_thumbnail_url , members_user_id , members_soroush_id ,members_standars_phone_numb , members_standars_phone_number , members_last_online and ...

References:

https://youtu.be/Sl2v4Dh_9r0


Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top