ES Explorer is one of the most popular Android applications, largely because many manufacturers ship it as standard on their phones to compensate for the absence of a good native file manager. The French security researcher known as Elliot Alderson (real name Baptiste Robert, who also discovered the OnePlus 6 backdoor) explains that it contains a serious vulnerability that makes it possible to extract information from a mobile phone connected to a local network.



French security researcher Elliot Alderson has discovered a vulnerability in ES File Explorer, the Android file management app with more than 100 million downloads and, according to its creators, "more than 300 million users worldwide".

ES Explorer runs an HTTP server that can be exploited to launch various attacks on a local network. Using a fairly simple script, the researcher has demonstrated how easily photos, videos and application names can be extracted, along with data stored on memory cards. As if this were not enough, it is also possible to run applications remotely.

The flaw can only be exploited from within a local network, which to some extent limits the risk for the average user (although those who connect to public networks would do well to protect themselves).


The vulnerability has been confirmed in versions of the app for Android equal to or lower than 4.1.9.7.4. It allows applications to be executed and files to be read remotely over the local network by means of HTTP requests to port 59777. This TCP port opens once the application is started and remains open even if the application is closed.
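A defender-side check for the behaviour described above, as an added example that is not from the original article or the researcher's proof of concept: it parses a `/proc/net/tcp` or `/proc/net/tcp6` dump taken from a device you manage and reports sockets still listening on port 59777, and compares an installed version against 4.1.9.7.4. The sample dump, its addresses and UIDs are constructed, and the function names are hypothetical.

```python
import socket
import struct

ES_PORT = 59777                  # TCP port named in the article
LAST_AFFECTED = (4, 1, 9, 7, 4)  # last version the article lists as affected
TCP_LISTEN = 0x0A                # kernel socket state code for LISTEN

# Constructed sample of /proc/net/tcp as read from a managed device.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:E981 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41235 1
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20111 1
   2: 6401A8C0:E981 3201A8C0:C350 01 00000000:00000000 00:00000000 00000000 10123        0 41260 1
"""

def decode_addr(hex_addr):
    """Addresses are stored as little-endian 32-bit words (1 for IPv4, 4 for IPv6)."""
    words = [int(hex_addr[i:i + 8], 16) for i in range(0, len(hex_addr), 8)]
    raw = struct.pack("<%dI" % len(words), *words)
    family = socket.AF_INET if len(raw) == 4 else socket.AF_INET6
    return socket.inet_ntop(family, raw)

def find_listeners(proc_net_tcp, port=ES_PORT):
    """Return (address, uid) for every socket in LISTEN state on `port`."""
    hits = []
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue                                  # header or malformed row
        addr_hex, port_hex = fields[1].split(":")
        if int(fields[3], 16) == TCP_LISTEN and int(port_hex, 16) == port:
            hits.append((decode_addr(addr_hex), int(fields[7])))
    return hits

def exposed(listeners):
    """Keep listeners that are not bound to loopback only."""
    return [(a, u) for a, u in listeners
            if a != "::1" and not a.startswith("127.")]

def is_affected(version):
    """True if a dotted version string is at or below the last affected one."""
    return tuple(int(p) for p in version.split(".")) <= LAST_AFFECTED

if __name__ == "__main__":
    for addr, uid in exposed(find_listeners(SAMPLE_PROC_NET_TCP)):
        print(f"port {ES_PORT} listening on {addr} (uid {uid})")
```

Because the article notes that the port stays open after the app is closed, run the check against a fresh dump taken after closing the app as well as while it is in the foreground.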



Elliot Alderson has published a proof-of-concept script on his GitHub with the following capabilities:

listFiles : List all the files 
listPics : List all the pictures 
listVideos : List all the videos 
listAudios : List all the audio files 
listApps : List all the apps installed 
listAppsSystem : List all the system apps 
listAppsPhone : List all the phone apps 
listAppsSdcard : List all the apk files in the sdcard 
listAppsAll : List all the apps installed (system apps included) 
getDeviceInfo : Get device info. Package name parameter is needed 
appPull : Pull an app from the device 
appLaunch : Launch an app. Package name parameter is needed 
getAppThumbnail: Get the icon of an app. Package name parameter is needed

Meanwhile, MITRE has assigned the identifier CVE-2019-6447, and an update from the manufacturer is still pending.
Hackerbrother
