Mediafire Andriod App Leaking Sensitive User Data


Mediafire Andriod App Leaking Sensitive User Data – Bug Bounty POC

Hello Bug Bounty POC Viewers Hope you are all in good health. . This is Arbaz Hussain and today  i will be sharing one of my recent finding in Mediafire Android Application. So lets come to the issue, Basically it was an INSECURE LOGGING Which Leaks Email & Password with HTTP Response in Plain Text. One Night I Was Testing For Small Vulnerabilities , . Many of our researchers are testing for Vulnerabilities in Mediafire Web Application , So i Just Skip it And Started Digging Their Android App . The First Thing i Test for is INSECURE Data Store Which is Most Common By Checking Any Juicy information is Been Saved in Plain Texts Anywhere in Directories , I Tried but Didn’t Found Anything Interesting , Then i Started Testing For Data Leakage And Found Out That  While Loging in  Into Mediafire

Though Android App Whole HTTP Response Along With Email & Passwords are Leaking  in plain text Though Android logs which means any app which can read logs can also read Mediafire username and passwords.. Apps like logcat and many others can b used. ( those are apps which doesn’t  Even need root access).


Android Maintains a Centralised logcat for all apps running on the device, which is Most Commonly used by Developers for Debugging purposes.Tested By Using ADB Logcat. So Always  wherenever u r creating a application you should ensure that u r not logging sensitive information in Production build of application.


Tip For Testing Logging Issues :

adb shell ps | grep -i  ‘Your Android App Name ‘

adb shell logcat | grep [pid]
Example :-

1. adb shell ps | grep -i ‘Mediafire’

Ubuntu@ >>    22

2. adb shell logcat | grep 22


Reward : Undisclosed + Certificate + Pro Plan

You may also like...

3 Responses

  1. I have to thank you for the efforts you’ve put in penning this site.
    I’m hoping to check out the same high-grade content by you in the future as well.
    In fact, your creative writing abilities has encouraged me to get my own, personal blog now 😉

  2. You have remarked very interesting points! ps decent website .

  3. We stumbled over here different website and thought I might as well check things out.
    I like what I see so i am just following you. Look forward to going
    over your web page for a second time.

Leave a Reply

Your email address will not be published. Required fields are marked *