CVE-2020-0014 PoC — Android Framework 安全漏洞

Source

https://github.com/tea9/CVE-2020-0014-Toast

Associated Vulnerability

Title:Android Framework 安全漏洞 (CVE-2020-0014)
Description:It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520

Description

CVE-2020-0014-Toast-复现

Readme

## CVE-2020-0014 Toast 复现
该漏洞可使恶意 App 通过构造一个可被点击的 Toast 视图来截获用户在屏幕上的操作，以达到搜集用户密码等敏感信息的目的。  
影响范围：Android 8.0版本，8.1版本，9版本，10版本  


![log](./log.png)

只验证了可行性，未验证漏洞实际可以造成的危害  
[release](./app/release/app-release.apk)  

## LINKS

[通过安卓最新 Toast 漏洞进行 Tapjacking](https://www.anquanke.com/post/id/201052)  
[Android 安全公告](https://source.android.com/security/bulletin/2020-02-01)  
[CVE-2020-0014](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0014)

File Snapshot


 [4.0K]  /data/pocs/1cd7a9c9528312d7631dcca8222049f92b825f21
├── [4.0K]  app
│   ├── [ 942]  build.gradle
│   ├── [ 750]  proguard-rules.pro
│   ├── [4.0K]  release
│   │   ├── [1.6M]  app-release.apk
│   │   └── [ 383]  output-metadata.json
│   └── [4.0K]  src
│       ├── [4.0K]  androidTest
│       │   └── [4.0K]  java
│       │       └── [4.0K]  com
│       │           └── [4.0K]  example
│       │               └── [4.0K]  cve_2020_0014_toast
│       │                   └── [ 776]  ExampleInstrumentedTest.java
│       ├── [4.0K]  main
│       │   ├── [ 772]  AndroidManifest.xml
│       │   ├── [4.0K]  java
│       │   │   └── [4.0K]  com
│       │   │       └── [4.0K]  example
│       │   │           └── [4.0K]  cve_2020_0014_toast
│       │   │               ├── [2.2K]  ClickToast.java
│       │   │               ├── [1.6K]  LoopService.java
│       │   │               ├── [ 465]  MainActivity.java
│       │   │               └── [ 505]  MyTextView.java
│       │   └── [4.0K]  res
│       │       ├── [4.0K]  drawable
│       │       │   └── [5.5K]  ic_launcher_background.xml
│       │       ├── [4.0K]  drawable-v24
│       │       │   └── [1.7K]  ic_launcher_foreground.xml
│       │       ├── [4.0K]  layout
│       │       │   └── [ 780]  activity_main.xml
│       │       ├── [4.0K]  mipmap-anydpi-v26
│       │       │   ├── [ 272]  ic_launcher_round.xml
│       │       │   └── [ 272]  ic_launcher.xml
│       │       ├── [4.0K]  mipmap-hdpi
│       │       │   ├── [3.5K]  ic_launcher.png
│       │       │   └── [5.2K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-mdpi
│       │       │   ├── [2.6K]  ic_launcher.png
│       │       │   └── [3.3K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-xhdpi
│       │       │   ├── [4.8K]  ic_launcher.png
│       │       │   └── [7.3K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-xxhdpi
│       │       │   ├── [7.7K]  ic_launcher.png
│       │       │   └── [ 12K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-xxxhdpi
│       │       │   ├── [ 10K]  ic_launcher.png
│       │       │   └── [ 16K]  ic_launcher_round.png
│       │       └── [4.0K]  values
│       │           ├── [ 207]  colors.xml
│       │           ├── [  81]  strings.xml
│       │           └── [ 381]  styles.xml
│       └── [4.0K]  test
│           └── [4.0K]  java
│               └── [4.0K]  com
│                   └── [4.0K]  example
│                       └── [4.0K]  cve_2020_0014_toast
│                           └── [ 392]  ExampleUnitTest.java
├── [ 530]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 53K]  gradle-wrapper.jar
│       └── [ 232]  gradle-wrapper.properties
├── [1.0K]  gradle.properties
├── [5.2K]  gradlew
├── [2.2K]  gradlew.bat
├── [141K]  log.png
├── [ 665]  README.md
└── [  55]  settings.gradle

31 directories, 38 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!