With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone https://www.youtube.com/watch?v=z6hfgnPNBRE …
You can find the proof of concept on this Github repo https://github.com/fs0c131y/ESFileExplorerOpenPortVuln …
To sum up, an attacker connected on the same local network can remotely:
- get a file from your phone
- list all the apps installed on your phone
- list all your videos, images, audio files
Worth to say, I'm convinced this "feature" has been implemented by design. Imagine a scenario: I'm Chinese, I have ES File Explorer installed on my phone. I'm on the subway and I used to connect to the public wifi. "The authorities" can use this "feature" against me.
As always, excellent article by @zackwhittaker https://techcrunch.com/2019/01/16/android-app-es-file-explorer-expose-data/ …
I did a commit to fix a small issue on my script. If you have a problem with the script or have some improvements don't hesitate to contact me or to send a pull request! https://github.com/fs0c131y/ESFileExplorerOpenPortVuln …
Did I tell you that I found 2 others vulnerabilities in ES File Explorer? But I will keep them for another day
You can follow @fs0c131y.
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.
Enjoy Threader? Sign up.
Threader is an independent project created by only two developers. The site gets 500,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Running this space is expensive and time consuming. If you find Threader useful, please consider supporting us to make it a sustainable project.