-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
es file explorer open port CVE-2019-6447 #11625
Conversation
Nice work! With features like these, who needs bugs! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a DisclosureDate
.
Btw, when we discussed this in work chat in January, I found this: https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fwww.ms509.com%2F2016%2F03%2F01%2Fes-explorer-vul%2F.
Independent discovery? cc @fs0c131y |
Interesting, 3yr timespan. I'll update references, credit should be given as it references all the same things |
Hi, Yes I found this issue 2 months ago. The PoC I made is available here: https://github.com/fs0c131y/ESFileExplorerOpenPortVuln Regards |
Yes, credit all discoverers, please. Thanks! |
Verified locally yesterday, LGTM. |
Release NotesThe ES File Explorer Open Port module exploits CVE-2019-6447. The Android app "ES File Explorer," version 4.1.9.7.5 and earlier, runs an HTTP server while the app is open, accepts commands to perform operations such as getting device info, downloading files, and listing apps and files. |
This module exploits CVE-2019-6447, where Android app ES File Explorer before version 4.1.9.7.5 ran an HTTP server while the app was open, which accepted commands commands to do things like get device info, download files, list apps/files.
Verification
msfconsole
use modules/auxiliary/scanner/http/es_file_explorer_open_port
set rhost
run