Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2020-0096 PoC — Android Framework 安全漏洞

Source
https://github.com/tea9/CVE-2020-0096-StrandHogg2
Associated Vulnerability
Title:Android Framework 安全漏洞 (CVE-2020-0096)
Description:In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109
Description
CVE-2020-0096-StrandHogg2 复现
Readme
> 此设计缺陷使攻击者可以在另一个应用程序的顶部显示其自己的活动(页面),从而可能使用户迷失自己的私人数据。该漏洞被称为StrandHogg 2.0,最近由挪威安全公司Promon披露。   

范围:理论上是全版本   
android10测试失败了,测试8.0.1测试成功    

验证步骤:   
修改代码为目标app的包名和导出的activity   
启动目标app的目标activity   
启动测试app   
在启动目标app发现劫持成功   


## LINKS  
https://source.android.com/security/bulletin/2020-05-01  
https://github.com/liuyun201990/StrandHogg2/  
https://www.xda-developers.com/strandhogg-2-0-android-vulnerability-explained-developer-mitigation/  
[Android 9.0 等系统存在 StrandHogg 2.0 漏洞](https://www.oschina.net/news/115997/android-bug-strandhogg-2-0)  
[Strandhogg漏洞:Android系统上的维京海盗](https://www.freebuf.com/sectool/221933.html)  
https://github.com/BoxFighter/Android-StrandHogg-Vulnerability  
[一起等补丁:操作系统漏洞StrandHogg 2.0几乎影响所有安卓设备](https://blog.csdn.net/smellycat000/article/details/106394426/)  
[StrandHogg 2.0 Android漏洞影响10亿多设备](https://www.freebuf.com/column/237918.html)  
[CVE-2020-0096 StrandHogg 2.0漏洞分析](https://wrlu.cn/cyber-security/mobile/android-strandhogg-2/)
File Snapshot

 [4.0K]  /data/pocs/30b6a81a23fa2e5980329a744f73df1722933c14
├── [4.0K]  app
│   ├── [ 948]  build.gradle
│   ├── [ 750]  proguard-rules.pro
│   └── [4.0K]  src
│       ├── [4.0K]  androidTest
│       │   └── [4.0K]  java
│       │       └── [4.0K]  com
│       │           └── [4.0K]  example
│       │               └── [4.0K]  cve_2020_0096_strandhogg2
│       │                   └── [ 788]  ExampleInstrumentedTest.java
│       ├── [4.0K]  main
│       │   ├── [ 823]  AndroidManifest.xml
│       │   ├── [4.0K]  java
│       │   │   └── [4.0K]  com
│       │   │       └── [4.0K]  example
│       │   │           └── [4.0K]  cve_2020_0096_strandhogg2
│       │   │               ├── [ 391]  ActivityB.java
│       │   │               ├── [ 391]  ActivityC.java
│       │   │               └── [ 963]  MainActivity.java
│       │   └── [4.0K]  res
│       │       ├── [4.0K]  drawable
│       │       │   └── [5.5K]  ic_launcher_background.xml
│       │       ├── [4.0K]  drawable-v24
│       │       │   └── [1.7K]  ic_launcher_foreground.xml
│       │       ├── [4.0K]  layout
│       │       │   ├── [ 776]  activity_b.xml
│       │       │   ├── [ 776]  activity_c.xml
│       │       │   └── [ 792]  activity_main.xml
│       │       ├── [4.0K]  mipmap-anydpi-v26
│       │       │   ├── [ 272]  ic_launcher_round.xml
│       │       │   └── [ 272]  ic_launcher.xml
│       │       ├── [4.0K]  mipmap-hdpi
│       │       │   ├── [3.5K]  ic_launcher.png
│       │       │   └── [5.2K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-mdpi
│       │       │   ├── [2.6K]  ic_launcher.png
│       │       │   └── [3.3K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-xhdpi
│       │       │   ├── [4.8K]  ic_launcher.png
│       │       │   └── [7.3K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-xxhdpi
│       │       │   ├── [7.7K]  ic_launcher.png
│       │       │   └── [ 12K]  ic_launcher_round.png
│       │       ├── [4.0K]  mipmap-xxxhdpi
│       │       │   ├── [ 10K]  ic_launcher.png
│       │       │   └── [ 16K]  ic_launcher_round.png
│       │       └── [4.0K]  values
│       │           ├── [ 207]  colors.xml
│       │           ├── [  87]  strings.xml
│       │           └── [ 381]  styles.xml
│       └── [4.0K]  test
│           └── [4.0K]  java
│               └── [4.0K]  com
│                   └── [4.0K]  example
│                       └── [4.0K]  cve_2020_0096_strandhogg2
│                           └── [ 398]  ExampleUnitTest.java
├── [   0]  a.sh
├── [ 530]  build.gradle
├── [182K]  code.png
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 53K]  gradle-wrapper.jar
│       └── [ 232]  gradle-wrapper.properties
├── [1.0K]  gradle.properties
├── [5.2K]  gradlew
├── [2.2K]  gradlew.bat
├── [1.3K]  README.md
├── [  61]  settings.gradle
└── [ 18M]  演示.mp4

30 directories, 39 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →