Open port vulnerability in ES file explorer

With more than 100,000,000 downloads, ES File Explorer is one of the most famous Android file managers. The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone (French researcher fs0c131y).

The exploit relies on a port that the device opens when ES File Explorer is launched. In essence, every time you launch the application, a web server is started. Robert wrote a proof-of-concept Python script that can connect to a mobile device running the app and list files of a certain type. It can then download any of those files directly from the phone. It's a pretty serious vulnerability, as it allows anyone on the same network to download a file straight from your phone. It can even launch an app on the device.

Proof of concept Open port vulnerability

ES file explorer open port vulnerability

Man in the middle attack in ES file explorer

Lukas found another local vulnerability in the ES File Explorer app: a man-in-the-middle (MITM) attack. An attacker connected to the same local network can intercept HTTP traffic and replace it with their own.

Proof of concept Man in the middle attack

Note: These vulnerabilities were found in versions 4.1.9.7.4 and below. They were not found in the Pro version.
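To check a device inventory against the affected range in the note above, here is an added example (not from the original article or the researchers' proof-of-concept scripts). The package ids, the `device,package,version` inventory layout and the sample rows are assumptions constructed for illustration.

```python
import re

# Assumption: package ids of the free and Pro builds; the article names neither.
FREE_PKG = "com.estrongs.android.pop"
PRO_PKG = "com.estrongs.android.pop.pro"
LAST_AFFECTED = "4.1.9.7.4"  # upper bound of the affected range, from the note

def parse_version(text):
    """Turn '4.1.9.7.4' into (4, 1, 9, 7, 4); reject anything non-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(version, last_affected=LAST_AFFECTED):
    """True if version <= last_affected, padding with zeros so 4.1.9.7.4.0 == 4.1.9.7.4."""
    a, b = parse_version(version), parse_version(last_affected)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def audit(inventory_lines):
    """Return (flagged, unknown): devices in the affected range, and rows needing manual review."""
    flagged, unknown = [], []
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            unknown.append(line)
            continue
        device, package, version = fields
        if package != FREE_PKG:  # Pro build and unrelated apps are out of scope per the note
            continue
        try:
            if is_affected(version):
                flagged.append((device, version))
        except ValueError:
            unknown.append(line)  # surface odd version strings instead of passing them
    return flagged, unknown

# Constructed sample inventory (not real devices).
SAMPLE = [
    "phone-01,com.estrongs.android.pop,4.1.9.7.4",
    "phone-02,com.estrongs.android.pop,4.1.9.8",
    "tablet-03,com.estrongs.android.pop.pro,1.1.4.1",
    "phone-04,com.estrongs.android.pop,4.1.6",
    "phone-05,com.estrongs.android.pop,4.1.9.7.4-beta",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A device that is not flagged is only outside the range the note lists; the script does not verify that a later build is fixed.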
