{"uuid": "830d6764-3870-4485-a63c-435f06045835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-2198", "type": "exploited", "source": "https://t.me/androidMalware/614", "content": "Exploiting SQL Injection in Android's Download Provider (CVE-2019-2198)\n\nBlind SQL injection in Android's Download Provider will retrieve user cookies of downloaded file website (e.g. Gmail).\nPatched in November's 2019 Android Security Bulletin.\nPoC + info:https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere/", "creation_timestamp": "2020-01-20T08:01:45.000000Z"}