Exploit the Android database using a WhatsApp GIF file



In this blog post, I'm going to share a double-free vulnerability I discovered in WhatsApp for Android, and how I turned it into an RCE. I reported this to Facebook. Facebook acknowledged the issue and patched it in WhatsApp version 2.19.244. Facebook reserved CVE-2019-11932 for this issue.

The steps are as follows:

0:16 Attacker sends the GIF file to the user via any channel

11 Comments

  1. Reply

    When I execute:
    nc -lvnp 4444
    and I send the GIF, nothing happens.
    What should I do?
    And
    The address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability.
    How can I do this???

    Please sir, reply fast
