SQL injection vulnerability exists in Free Music(CVE-2023-27649)
Vendor:Trusted Tools (https://bestools.group/)
Affected product:Free Music (freemusic.download.musicplayer.mp3player)
Version:2.1.0.47, 2.0.0.46, 1.9.1.45, 1.8.2.43
Download link:https://apkpure.com/cn/space-clean-super-cleaner/com.ludashi.xsuperclean
Description of the vulnerability for use in the CVE: SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table.
Additional information:Free Music is a music player that includes a built-in search function. When a user searches for music, Free Music saves their search history in a database and displays it when the user clicks on the search box. However, an unauthorized malicious application can add arbitrary data to the search history table. This can result in the content of the app's user interface being hijacked. As the malicious data continues to accumulate, it can eventually trigger a denial of service attack when the user uses the search function. Unfortunately, even restarting the app will not fix this security issue, as the malicious data is stored persistently in the database.
poc:
public void attack(){
ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
Uri uri = Uri.parse("content://freemusic.download.musicplayer.mp3player.data/searchhistory");
ContentValues contentValues = new ContentValues();
while(true){
contentValues.put("searchstring",randomString);
contentResolver.insert(uri,contentValues);
}
}