Shareit app download10/9/2023 ![]() Here the interesting part is that the application fails to validate msgid parameter that allows a malicious client with a valid session to download any resource by directly referencing its identifier. metadatatype=photo& metadataid=1337& filetype=thumbnail& msgid=c60088c13d6Ībove link contains a 4 different parameter and identifier, each has its own operation including to defines what resource we are trying to download ( metadatatype), representing asset id in Android MediaStore ( metdataid), define the Preview of the resource ( filetype ) and each request to make sure that download request was originally initiated by the sender( msgid ). In this case, whenever the user initiated the download request from the SHAREit app then the SHAREit client will send the GET request to the HTTP server. ![]() The first vulnerability in the SHAREit app <= v 4.0.38 allows attackers to download the authenticated arbitrary file dues to improper validation in msgid, a unique identifier for each request to make sure that download request was originally initiated by the sender. Download channel implemented its own HTTP server by SHAREit that helps clients to download the received files in another end.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |