CVE-2019-11932 PoC — Facebook WhatsApp 资源管理错误漏洞

Source

https://github.com/Err0r-ICA/WhatsPayloadRCE

Associated Vulnerability

Title:Facebook WhatsApp 资源管理错误漏洞 (CVE-2019-11932)
Description:A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.

Description

Whatsapp Automatic Payload Generator [CVE-2019-11932]

Readme

# WhatsPayloadRCE

This is a Automated Generate Payload for CVE-2019-11932 (WhatsApp Remote Code Execution)

1. Auto install GCC (no harm command, you can see this is open-source)
2. Saving to **.GIF** file

## How To Use ?
```
sudo apt install git
git clone https://github.com/Err0r-ICA/WhatsPayloadRCE
cd WhatsPayloadRCE && bash start
```

## Screenshot 
![Screenshot](https://i.postimg.cc/L9yF7dkb/Screenshot-20200422-225622-Termux.jpg) 

## How Get Shell ?

1. You just send the **.GIF** file to victim user **AS A DOCUMENT NOT IMAGES**
2. And set the nc / netcat to port you set on the WhatsRCE tools {**nc -lnvp your_port**}
3. You can use the Social Engineering attack so that victims can be attracted to launch this exploit
4. Tell the victim to open the gallery via whatsapp and send the victim to send any phot.os After that a few seconds later you will receive a shell connection from the victim

## How To Avoid This Attack?

1. Update your whatsapp to the latest version **(Patched on Version 2.19.244)**
2. How to receive any file including audio images and others from people we don't know

### Thanks to [awakened1712](https://awakened1712.github.io/) - [Edo Maland](https://github.com/Screetsec/) - [IndoXploit](https://indoxploit.or.id)

#### **This is only for learning, consequences etc. if you use it for a crime I am not responsible!**

### My Accounts

* [TELEGRAM](https://t.me/termuxxhacking)

* [FACEBOOK](https://www.facebook.com/termuxxhacking)

* [INSTAGRAM](https://instagram.com/termux_hacking)

[![Build-passing](https://img.shields.io/badge/build-passing-red.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues) [![Stars](https://img.shields.io/open-vsx/stars/Redhat/Java.svg?style=plastic&color=orange)](https://github.com/Err0r-ICA/SpeedTest/issues) [![Coverage](https://img.shields.io/azure-devops/coverage/Swellaby/Opensource/25?color=yellow&style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

[![Maintainers](https://img.shields.io/badge/mainteiners-HackBoyz-green.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues) [![coded](https://img.shields.io/badge/coded%20in-bash-mintgreen.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

[![Status](https://img.shields.io/badge/code%20status-encrypted-cyan.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues) [![License](https://img.shields.io/badge/license-MIT-blueviolet.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

[![Test](https://img.shields.io/badge/tested%20on-Termux,%20Kali%20Linux,%20Ubuntu,%20Parrot%20OS,%20Debian,%20ANDRAX%20Mobile-%23ff69b4.svg?style=plastic)](https://github.com/Err0r-ICA/SpeedTest/issues)

File Snapshot


 [4.0K]  /data/pocs/664627de4b1c268842ffe0e2fb1ce3b6ce5127f5
├── [3.3K]  egif_lib.c
├── [5.3K]  exploit.c
├── [ 36K]  generate
├── [ 11K]  gif_lib.h
├── [2.6K]  README.md
└── [7.2K]  start.sh

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!