,
15 tweets,
5 min read
Read on Twitter
With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone
Technically, everytime a user is launching the app, a HTTP server is started. This server is opening locally the port 59777. On this port, an attacker can send a JSON payload to the target 
You can find the proof of concept on this Github repo github.com/fs0c131y/ESFil…
To sum up, an attacker connected on the same local network can remotely:
- get a file from your phone
- list all the apps installed on your phone
- list all your videos, images, audio files
- get a file from your phone
- list all the apps installed on your phone
- list all your videos, images, audio files
Worth to say, I'm convinced this "feature" has been implemented by design. Imagine a scenario: I'm Chinese, I have ES File Explorer installed on my phone. I'm on the subway and I used to connect to the public wifi. "The authorities" can use this "feature" against me.
As always, excellent article by @zackwhittaker techcrunch.com/2019/01/16/and…
I did a commit to fix a small issue on my script. If you have a problem with the script or have some improvements don't hesitate to contact me or to send a pull request! github.com/fs0c131y/ESFil…
I love the #infosec community! The awesome @LukasStefanko found that ES File Explorer is vulnerable to a MITM attack 😅
Did I tell you that I found 2 others vulnerabilities in ES File Explorer? But I will keep them for another day
I'm a mysterious security researcher 😂
Now, you can call this vulnerability CVE-2019-6447
You are awesome! I already merged 4 pull requests. Thank you all for your contribution and show me how bad I am in Python 😁 github.com/fs0c131y/ESFil…
