Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2017-13156 PoC — Android System(art) 权限许可和访问控制问题漏洞

Source
https://github.com/M507/CVE-2017-13156
Associated Vulnerability
Title:Android System(art) 权限许可和访问控制问题漏洞 (CVE-2017-13156)
Description:An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
Description
To determine if an APK is vulnerable to CVE-2017-13156
Readme
### Check-CVE-2017-13156.py


```sh
root@ubuntu:~/CVE-2017-13156$ pip install androguard
root@ubuntu:~/CVE-2017-13156$ python Check-CVE-2017-13156.py InsecureBankv2.apk

Checking if InsecureBankv2.apk is vulnerable to CVE-2017-13156 vulnerability

InsecureBankv2.apk md5: 5ee4829065640f9c936ac861d1650ffc

InsecureBankv2.apk is signed
v1 scheme: True
v2 scheme: False
v3 scheme: False
minSdkVersion: 15 
InsecureBankv2.apk 5ee4829065640f9c936ac861d1650ffc is VULNERABLE
InsecureBankv2.apk can be exploited on devices running Android version < 8.0.0
```
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →