
CVE-2024-35205 PoC — Kingsoft Installer of WPS Office Security Vulnerability

Associated Vulnerability
Title: Kingsoft Installer of WPS Office Security Vulnerability (CVE-2024-35205)
Description: The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.
Description
Dirty Stream exploit for MI-File Explorer version V1-210567 (CVE-2024-35205).
Readme
# Dirty_Stream-Android-POC
This is the exploit for MI-File Explorer version V1-210567. It writes pwned.txt into the "/data/user/0/com.mi.android.globalFileexplorer/shared_prefs" directory.

For more information: https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/

https://github.com/user-attachments/assets/1a0b40fa-c4f3-405f-9cc0-0c0b89e2774b

File Snapshot

[4.0K] /data/pocs/bdf0a9ae5258b50f8a3d4dad861bf9d522d6faa9
├── [4.0K] app
│   ├── [1.0K] build.gradle.kts
│   ├── [ 750] proguard-rules.pro
│   └── [4.0K] src
│       ├── [4.0K] androidTest
│       │   └── [4.0K] java
│       │       └── [4.0K] com
│       │           └── [4.0K] fileexplorer
│       │               └── [4.0K] exploit
│       │                   └── [ 762] ExampleInstrumentedTest.java
│       ├── [4.0K] main
│       │   ├── [1.2K] AndroidManifest.xml
│       │   ├── [4.0K] assets
│       │   │   └── [ 199] pwned.txt
│       │   ├── [4.0K] java
│       │   │   └── [4.0K] com
│       │   │       └── [4.0K] fileexplorer
│       │   │           └── [4.0K] exploit
│       │   │               ├── [1.2K] DatabaseHelper.java
│       │   │               ├── [2.2K] MainActivity.java
│       │   │               └── [1.6K] MyContentProvider.java
│       │   └── [4.0K] res
│       │       ├── [4.0K] drawable
│       │       │   ├── [5.5K] ic_launcher_background.xml
│       │       │   └── [1.7K] ic_launcher_foreground.xml
│       │       ├── [4.0K] layout
│       │       │   └── [1.1K] activity_main.xml
│       │       ├── [4.0K] mipmap-anydpi
│       │       │   ├── [ 343] ic_launcher_round.xml
│       │       │   └── [ 343] ic_launcher.xml
│       │       ├── [4.0K] mipmap-hdpi
│       │       │   ├── [2.8K] ic_launcher_round.webp
│       │       │   └── [1.4K] ic_launcher.webp
│       │       ├── [4.0K] mipmap-mdpi
│       │       │   ├── [1.7K] ic_launcher_round.webp
│       │       │   └── [ 982] ic_launcher.webp
│       │       ├── [4.0K] mipmap-xhdpi
│       │       │   ├── [3.8K] ic_launcher_round.webp
│       │       │   └── [1.9K] ic_launcher.webp
│       │       ├── [4.0K] mipmap-xxhdpi
│       │       │   ├── [5.8K] ic_launcher_round.webp
│       │       │   └── [2.8K] ic_launcher.webp
│       │       ├── [4.0K] mipmap-xxxhdpi
│       │       │   ├── [7.6K] ic_launcher_round.webp
│       │       │   └── [3.8K] ic_launcher.webp
│       │       ├── [4.0K] raw
│       │       │   └── [ 399] pwned.txt
│       │       ├── [4.0K] values
│       │       │   ├── [ 147] colors.xml
│       │       │   ├── [ 75] strings.xml
│       │       │   └── [ 411] themes.xml
│       │       ├── [4.0K] values-night
│       │       │   └── [ 333] themes.xml
│       │       └── [4.0K] xml
│       │           ├── [ 478] backup_rules.xml
│       │           └── [ 551] data_extraction_rules.xml
│       └── [4.0K] test
│           └── [4.0K] java
│               └── [4.0K] com
│                   └── [4.0K] fileexplorer
│                       └── [4.0K] exploit
│                           └── [ 385] ExampleUnitTest.java
├── [ 167] build.gradle.kts
├── [ 20M] com.mi.android.globalFileexplorer_V1-210567-{DirtyStreamAttack-Test}.apk
├── [4.0K] gradle
│   ├── [ 939] libs.versions.toml
│   └── [4.0K] wrapper
│       ├── [ 58K] gradle-wrapper.jar
│       └── [ 230] gradle-wrapper.properties
├── [1.2K] gradle.properties
├── [5.6K] gradlew
├── [2.6K] gradlew.bat
├── [ 34K] LICENSE
├── [ 441] README.md
└── [ 538] settings.gradle.kts

33 directories, 42 files