Exploit the vulnerability to install arbitrary applications in k61v1 without ROOT

Related tags

Web Applications android php exploit hacking exploitation hacktoberfest
Overview

k61v1injector

Version: 1.1

Arbitrary application installer for Qin F21 Pro

Exploit the vulnerability to install arbitrary applications in k61v1 without ROOT.

Feel free pull request if you want :)

php-adb

The project proudly uses the php-adb library.

How to use

  1. Download and install PHP 8 for your system from the official website.
  2. Enable GD extension in php.ini.
  3. Place adb.php in php-adb to the directory.
  4. Download platform-tools and place them in libraries. Note: Mac OS needs to rename adb to adb-darwin.
  5. Open the terminal and use PHP interpreter to execute the script with the usage.
  6. Wait for the script to run.
  • p.s. Releases has packaged the required files, so you only need to configure the PHP environment.

TO-DOs

  • Nothing to do.

Changelog

  • v1.1:
    • Fix wrong judgment
  • v1.0:
    • First ver

License

No license, you are only allowed to use this project. All rights are reserved by MeowCat Studio, Meow Mobile and MlgmXyysd.

You might also like...
A platform for CMS version detection, exploit suggestion and CVE display based on vulnerability

A platform for CMS version detection, exploit suggestion and CVE display based on vulnerability

HawkstoNGriM 3 Jul 7, 2022
YCOM Impersonate. Login as selected YCOM user 🧙‍♂️in frontend.

YCOM Impersonate Login as selected YCOM user in frontend. Features: Backend users with admin rights or YCOM[] rights, can be automatically logged in v

Friends Of REDAXO 17 Sep 12, 2022
A easy way to install your basic yii projetc, we have encrypt database password in phpfile, my class with alot funtions to help you encrypt and decrypt and our swoole server install just run ./yii swoole/start and be happy!

Yii 2 Basic Project Template with swoole and Modules Yii 2 Basic Project Template is a skeleton Yii 2 application best for rapidly creating small proj

null 3 Apr 11, 2022
FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities

FUGIO FUGIO is the first automatic exploit generation (AEG) tool for PHP object injection (POI) vulnerabilities. When exploiting a POI vulnerability,

KAIST Web Security and Privacy Lab 53 Dec 23, 2022
CMS auto detect and exploit.
CMS auto detect and exploit.

BadMod auto exploit tool Version 2.0 Fixed colors bug Fixed permissions bug Added new option to scan single target Added new option to scan joomla & w

Mohammed Al-Barbari 329 Jan 2, 2023
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.

Ansible Ansible is a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc ta

Ansible 55.9k Dec 31, 2022
This package is for updating your Laravel project via view without doing any command in the prompt, this package may be useful when you sell your project to multiple people as they will update without any intervention from you via a simple destination

Introduction : This package is for updating your Laravel project via view without doing any command in the prompt, this package may be useful when you

salah eddine bendyab 18 Aug 17, 2021
Laravel Automated Vulnerability Scanner

Todo Laravel Fingerprint Laravel Leak .env Laravel Debug Mode Laravel CVE-2018-15133 Laravel Ignition CVE-2021-3129 Insecure Deserialization with APP_

Carlos Vieira 52 Dec 4, 2022
Open Source Vulnerability Disclosure Program
Open Source Vulnerability Disclosure Program

OpenVDP Open Source Vulnerability Disclosure Program Created by Akshat Parikh What is this web application? OpenVDP is a full stack web application th

null 25 Nov 9, 2022
WPHunter A Wordpress Vulnerability Scanner

WPHunter Tool ☣ WPHunter A Wordpress Vulnerability Scanner You can use this tool on your wordpress website to check the security of your website by fi

Jamal Eddine 140 Dec 24, 2022
All in one tool for Information Gathering and Vulnerability Scanning
All in one tool for Information Gathering and Vulnerability Scanning

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

r3dhax0r 2.3k Jan 3, 2023
A dockerized PHP application containing some file upload vulnerability challenges (scenarios)

File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges

Moein Fatehi 15 Dec 23, 2022
WebVulScan - a web application vulnerability scanner
WebVulScan - a web application vulnerability scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities.

Dermot Blair 145 Nov 20, 2022
Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101
Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101

Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to ta

Mathias Reker ⚡️ 25 Nov 22, 2022
Application with SQL Injection vulnerability and possible privilege escalation
Application with SQL Injection vulnerability and possible privilege escalation

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

Filip Karczewski 56 Nov 18, 2022
A filesystem-like repository for storing arbitrary resources.

The Puli Repository Component Latest release: 1.0.0-beta10 PHP = 5.3.9 The Puli Repository Component provides an API for storing arbitrary resources

Puli 435 Nov 20, 2022
The VarDumper component provides mechanisms for walking through any arbitrary PHP variable. It provides a better dump() function that you can use instead of var_dump().

VarDumper Component The VarDumper component provides mechanisms for walking through any arbitrary PHP variable. It provides a better dump() function t

Symfony 7.1k Dec 23, 2022
Arbitrary number base converter.

Numbase Easily convert numbers between arbitrary bases and symbol sets. Installation This library is available on Packagist as thunderer/numbase. It r

Tomasz Kowalczyk 23 Sep 25, 2022
The VarDumper component provides mechanisms for walking through any arbitrary PHP variable. It provides a better dump() function that you can use instead of var_dump().

VarDumper Component The VarDumper component provides mechanisms for walking through any arbitrary PHP variable. It provides a better dump() function t

Symfony 7.1k Jan 1, 2023
Comments
  • No Qin F21 Pro device detected, please connect to PC.

    No Qin F21 Pro device detected, please connect to PC.

    OS: MAC OS Monterey on M1 mac

    I hope I took the correct steps,

    • Downloaded php8
    • Enabled gd in php.ini
    • Downloaded platform-tools and moved the folder into F21ProInjector/libraries and renamed adb to adb-darwin
    • Downloaded php-adb abd moved adb-php file into F21ProInjector/ directory.
    • I made sure adb debugging is enabled.
    • I ran the command php f21proinjector.php libraries/ProMarketExploit_MlgmXyysd_signed.apk which gave me the following output

    No Qin F21 Pro device detected, please connect to PC. error

    PHP Warning:  PHP Startup: Unable to load dynamic library 'gd' (tried: /opt/homebrew/lib/php/pecl/20210902/gd (dlopen(/opt/homebrew/lib/php/pecl/20210902/gd, 0x0009): tried: '/opt/homebrew/lib/php/pecl/20210902/gd' (no such file), '/usr/local/lib/gd' (no such file), '/usr/lib/gd' (no such file)), /opt/homebrew/lib/php/pecl/20210902/gd.so (dlopen(/opt/homebrew/lib/php/pecl/20210902/gd.so, 0x0009): tried: '/opt/homebrew/lib/php/pecl/20210902/gd.so' (no such file), '/usr/local/lib/gd.so' (no such file), '/usr/lib/gd.so' (no such file))) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'gd' (tried: /opt/homebrew/lib/php/pecl/20210902/gd (dlopen(/opt/homebrew/lib/php/pecl/20210902/gd, 0x0009): tried: '/opt/homebrew/lib/php/pecl/20210902/gd' (no such file), '/usr/local/lib/gd' (no such file), '/usr/lib/gd' (no such file)), /opt/homebrew/lib/php/pecl/20210902/gd.so (dlopen(/opt/homebrew/lib/php/pecl/20210902/gd.so, 0x0009): tried: '/opt/homebrew/lib/php/pecl/20210902/gd.so' (no such file), '/usr/local/lib/gd.so' (no such file), '/usr/lib/gd.so' (no such file))) in Unknown on line 0
[2021-12-12] [19:51:26] [INFO] - *******************************
[2021-12-12] [19:51:26] [INFO] - * Duoqin Qin F21 Pro Injector *
[2021-12-12] [19:51:26] [INFO] - * By MlgmXyysd    Version 1.2 *
[2021-12-12] [19:51:26] [INFO] - *******************************
[2021-12-12] [19:51:26] [INFO] - GitHub: https://github.com/MlgmXyysd
[2021-12-12] [19:51:26] [INFO] - XDA: https://forum.xda-developers.com/m/mlgmxyysd.8430637
[2021-12-12] [19:51:26] [INFO] - Twitter: https://twitter.com/realMlgmXyysd
[2021-12-12] [19:51:26] [INFO] - PayPal: https://paypal.me/MlgmXyysd
[2021-12-12] [19:51:26] [INFO] - My Website: https://www.neko.ink/
[2021-12-12] [19:51:26] [INFO] - Telegram Group: https://t.me/+Mi18E90aOgUwZjNl
[2021-12-12] [19:51:26] [INFO] - *******************************
[2021-12-12] [19:51:26] [INFO] - Starting ADB server...
[2021-12-12] [19:51:26] [INFO] - Detecting device...
[2021-12-12] [19:51:26] [INFO] * No Qin F21 Pro device detected, please connect to PC.
    invalid 
    opened by yechielw 5
  • Could not open input file: k61v1injector.php

    Could not open input file: k61v1injector.php

    We I open the script I got this message: Could not open input file: k61v1injector.php cannot connect to daemon at tcp:5037: cannot connect to 127.0.0.1:5037: No connection could be made because the target machine actively refused it. (10061)

    But the device is connected and recognized with the external adb

    invalid 
    opened by Omarelwi 1
  • Unable to install App on my F21 Pro - throws following error

    Unable to install App on my F21 Pro - throws following error

    php k61v1injector.php com.google.android.apps.tachyon_152.0.405507991.duo.android_20211017.13_p3.s-3308556_minAPI21(arm64-v8a,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk

    • Qin F21 Pro (k61v1) Injector *
    • By MlgmXyysd *
    • Version 1.1
    • Detecting device...
    • 1 device(s) detected.
    • Processing device F21PL218006241(1)...
    • Detecting vulnerability...
    • Vulnerability found.
    • Exploiting...

    Fatal error: Uncaught Error: Call to undefined function imagecolorat() in C:\Users\Talha\Downloads\k61v1injector-master\k61v1injector.php:178 Stack trace: #0 {main} thrown in k61v1injector.php on line 178

    opened by abbadtalha 1
  • Can't detect my F21 Pro 32gb 3gb ram

    Can't detect my F21 Pro 32gb 3gb ram

    "No Qin F21 Pro device detected, please connect to PC............."

    I am testing your script on MacOS catalina I have tested ADB SHELL and ADB DEVICES works nicely outside of the script

    bug 
    opened by funtikar 1
Owner
Jim Wu
An 19 y.o. cat who is passionate about technologies, open-source, intelligence, convenience, etc. (>ω・* )ノ
Jim Wu
GitHub
Translate laravel resource, vendor, folder or file from google translation without requiring any api information

⚡ ⚡ ⚡ Laravel Go Translate Translate laravel resource, vendor, folder or file from google translation without requiring any api information. Table of

CodeBugLab 37 Jun 18, 2022
Instagram automation represents the use of third-party software to manage your account, carry out tasks and/or interact with users without a human present. Bulit in Laravel Framework

How to Deploy laravel project to heroku Video Link : https://youtu.be/7Nq_a2QiaHo Home Page Login Page Dashboard Page About Laravel Laravel is a web a

null 1 Dec 3, 2021
QuidPHP/Navigation contains a JavaScript module for a website navigation without reloading.

QuidPHP/Navigation contains a JavaScript module for a website navigation without reloading.

QuidPHP 2 Jul 2, 2022
A much faster alternative to youtube-dl built for PHP applications.

youtube-downloader This project was inspired by a very popular youtube-dl python package: https://github.com/rg3/youtube-dl Yes, there are multiple ot

null 668 Jan 3, 2023
A framework for building rich, data-driven applications in PHP and MySQL

Xataface A framework for building rich, data-driven applications in PHP and MySQL License GPL Requirements PHP 5.2 or higher MySQL 5 or higher Install

Steve Hannah 129 Dec 13, 2022
Demo of using geo data in PHP web applications

phpgeo-demo Demo of using geo data in PHP web applications Goals Demonstrate basic data storage and retrieval methods using Geo specific data Orient t

J Corry 2 Jul 10, 2016
DBase - An easy-to-use backend for mobile and web applications

DBase DBase is an easy-to-use backend for your mobile and web applications, host the files in an Ubuntu server and use the SDKs to perform CRUD operat

Frank Eno ~ XSGames 39 May 25, 2022
Phalcon - Développez des applications web complexes et performantes en PHP

Phalcon - Développez des applications web complexes et performantes en PHP Ce projet GitHub contient les sources du livre : Phalcon 3 - Développez des

Les Enovateurs 3 Jul 5, 2022
CollectiveAccess is a web-based suite of applications providing a framework for management, description, and discovery of complex digital

README: Pawtucket2 version 1.7.14 About CollectiveAccess CollectiveAccess is a web-based suite of applications providing a framework for management, d

CollectiveAccess 70 Sep 28, 2022
QuidPHP/Core is a PHP library that provides an extendable platform to create dynamic applications

QuidPHP/Core About QuidPHP/Core is a PHP library that provides an extendable platform to create dynamic applications. It is part of the QuidPHP packag

QuidPHP 4 Jul 2, 2022