ES File Explorer Open Port Vulnerability
- Published on 11 Nov 2024
- You can find the details of the vulnerability and the script here: github.com/fs0...
Quick Description:
Every time a user launches ES File Explorer, an HTTP server is started. This server opens port 59777 locally. An attacker connected to the same local network as the victim can obtain a lot of juicy information (device info, installed apps, ...) about the victim's phone, remotely get a file from the victim's phone, and remotely launch an app on the victim's phone.
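A defender-side check for the exposure described above, as an added example that is not from the video or its linked script: it reads router or firewall flow records and reports which LAN devices accepted connections on port 59777, and from which other LAN hosts. The record format, the subnet, and every address and timestamp in the sample are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

ES_PORT = 59777                               # port named in the description
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the local subnet

# Constructed flow records (format is an assumption):
# timestamp, source IP, destination IP, destination port, TCP outcome
SAMPLE_FLOWS = """\
2024-01-01T10:02:11,192.168.1.23,192.168.1.40,59777,ESTABLISHED
2024-01-01T10:02:12,192.168.1.23,192.168.1.41,59777,RST
2024-01-01T10:02:15,192.168.1.23,192.168.1.40,59777,ESTABLISHED
2024-01-01T10:03:40,192.168.1.57,192.168.1.40,59777,ESTABLISHED
2024-01-01T10:04:02,192.168.1.40,198.51.100.7,443,ESTABLISHED
not,a,valid,flow,record
"""

def exposed_listeners(flow_text, lan=LAN, port=ES_PORT):
    """Map each LAN device that accepted a connection on `port` to the
    sorted list of other LAN hosts that connected to it."""
    hits = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip blank or truncated records
        _ts, src, dst, dport, state = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue  # skip records with unparseable addresses or ports
        if dport != port or state != "ESTABLISHED":
            continue  # only a completed handshake shows a reachable listener
        if src_ip in lan and dst_ip in lan and src_ip != dst_ip:
            hits[dst].add(src)
    return {dev: sorted(s, key=ipaddress.ip_address) for dev, s in hits.items()}

if __name__ == "__main__":
    for device, sources in exposed_listeners(SAMPLE_FLOWS).items():
        print(f"{device}: port {ES_PORT} answered LAN hosts {', '.join(sources)}")
```

A device that shows up here has the server reachable by its neighbours on the network; the device at 192.168.1.41 in the sample reset the connection and is not reported.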
Great find brother keep it up
Did you report? There could be some nice bug bounty ;)
Lukas Stefanko that ain't no bug.
@khaitomretro That is a vulnerability that could be exploited; that is the reason why there are bug bounty programs.
@mobilehacker I meant that it was an intentional feature. Vulnerabilities aren't always bugs ;)
@khaitomretro To allow arbitrary remote code execution? What?
@hoangbui8373 it's not code execution; it's file sharing.
OMG thanks dude I uninstalled it as soon as I could
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
ES did an oopsie
Vulnerability fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
Great bro..
ES Explorer has not asked to update yet, which means it is not reported or patched
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
Thankfully the majority of users do not use default u/p combo on routers.
Totally
What command do I use to get this running in my terminal? I downloaded it from GitHub and have the file. I just need to know how to get it running from the folder to the console.
Is there any file manager in the Play Store without these types of privacy issues?
Solid Explorer?
Fx file explorer ?
"File" by Google. Pretty much anything that doesn't open a port. ES File Explorer opens 59777.
Solid explorer
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
Thank you, thanks XD
Suggestions for better files manager Android apps?
ZArchiver, perhaps?
Wow ❤️❤️
Bind a payloads on this app
good idea.
Does it affect the pro version?
Been checking yesterday. That port seems to not be open on startup, but I have to check all 65535. I'll update you soon.
EDIT:
Actually the 59777 port IS open also on the pro version
@elProfe_46 what is a port?
Is there a way to turn it off?
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
@elProfe_46 the port is open, but the JSON commands are not working...
@focofon It was fixed by a patch in January, but now the app has a more serious problem: it was banned from the Play Store
Is the pro version the same?
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
What if there is more than one device? I mean, how do you get files from a specific device?
sir watsapp hacking tips share plzzz big fan of u
Did you get paid after reporting this?
What's this phone emulator?
China...china never changes...
You didn't mention some of the conditions. Like
- The phone should be using WiFi.
- The attacker should be on the same WiFi network.
- This rarely happens when the attacker is ready to attack too. 🙂
He did say only on the same network, obviously WiFi or hotspots
Funny thing is I've been trying to transfer files from my phone to PC (and vice versa) without success, also using ES File.
Not to even mention the app has to be open the whole time, and the attacker will need to have good Spider-Man senses to know the exact moment when the victim will open this app so he can then attack you.
@MygenteTV yeah
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
Sir, start making new videos......urs big fan...
😀
Uninstall my today
It is fixed
www.androidauthority.com/es-file-explorer-security-flaw-943675/
Chinese always disappointing us