
Mail.ru Android Application Crash via DOS

#11756 Mail.ru Android Application Crash via DOS

Around 6 months back I was testing the Mail.ru application on an Android phone for DOS (Denial of Service), and my purpose was to crash the Mail.ru Android application every time it loads; in other words, the application becomes useless unless the email that contains such DOS attack data is removed from the mailbox. I have attached my complete report to mail.ru via hackerone.com, which includes steps, a screenshot and device information.

saqibkamran reported a bug to Mail.Ru.

Please follow the steps to reproduce the vulnerability:
1: Create a new account.
2: Download the mail.ru application on Android.
3: Send an email containing a blank subject and message box to the mail.ru account.
3.1: That blank email will actually be created by using ALT+0160 to create a space, and then copying that to make it 32767 characters (as I did in my test).
4: Open the Android application; as soon as the application loads that email, the application will crash.
Please review the screenshot as POC. I have tried it several times, and the application crashes each time as soon as it tries to load that email.


Android Device Details (Related):

Samsung Galaxy Note 3
RAM : 3 GB
Android OS: 4.4.2

Bounty

MailRu rewarded saqibkamran with a $200 bounty.
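
An added example, not code from the report or from Mail.ru: the report does not state why the client crashed, so this Python code assumes the safe behaviour is to never hand raw, unbounded invisible text to the UI and to flag such messages for review. The names `display_safe`, `longest_blank_run` and `triage` and both thresholds are hypothetical, and the sample input is constructed.

```python
import unicodedata

NBSP = "\u00a0"            # the character ALT+0160 produces (U+00A0)
MAX_PREVIEW_CHARS = 256    # assumed UI cap for a list row, not a value from the report
MAX_BLANK_RUN = 1024       # assumed alerting threshold, not a value from the report

def is_invisible(ch):
    """True for characters that render as nothing: whitespace, Zs, control, format."""
    return ch.isspace() or unicodedata.category(ch) in ("Zs", "Cc", "Cf")

def display_safe(text, limit=MAX_PREVIEW_CHARS):
    """Collapse each run of invisible characters to one space, trim, cap the length."""
    out, prev_blank = [], True          # True here drops leading blanks
    for ch in text:
        blank = is_invisible(ch)
        if blank and prev_blank:
            continue                    # skip the rest of a blank run
        out.append(" " if blank else ch)
        prev_blank = blank
        if len(out) >= limit:
            break
    return "".join(out).rstrip()

def longest_blank_run(text):
    """Length of the longest consecutive run of invisible characters."""
    best = run = 0
    for ch in text:
        run = run + 1 if is_invisible(ch) else 0
        best = max(best, run)
    return best

def triage(subject, body):
    """Return what the client should show and whether the message deserves a log entry."""
    worst = max(longest_blank_run(subject), longest_blank_run(body))
    return {
        "subject_preview": display_safe(subject) or "(no subject)",
        "body_preview": display_safe(body) or "(empty message)",
        "blank_only": all(is_invisible(c) for c in subject + body),
        "longest_blank_run": worst,
        "suspicious": worst > MAX_BLANK_RUN,
    }

if __name__ == "__main__":
    # Constructed sample with the shape described in the report: 32767 NBSPs per field.
    print(triage(NBSP * 32767, NBSP * 32767))
    print(triage("Lunch" + NBSP * 3 + "tomorrow?", "See you at noon.\n"))
```

The same normalisation can run at mail ingestion and again in the client, so a message that slips past one layer is still bounded before it is rendered.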