cve/2017/CVE-2017-16905.md

### [CVE-2017-16905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16905)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xsaju/Awesome-Bugbounty-Writeups
- https://github.com/302Found1/Awesome-Writeups
- https://github.com/Fa1c0n35/Awesome-Bugbounty-Writeups
- https://github.com/Hacker-Fighter001/Bug-Bounty-Hunter-Articles
- https://github.com/ImranTheThirdEye/Awesome-Bugbounty-Writeups
- https://github.com/Neelakandan-A/BugBounty_CheatSheet
- https://github.com/Prabirrimi/Awesome-Bugbounty-Writeups
- https://github.com/Prodrious/writeups
- https://github.com/R3dg0/writeups
- https://github.com/Saidul-M-Khan/Awesome-Bugbounty-Writeups
- https://github.com/Sumit0x00/Android-bug-hunting-reports--Hackerone-
- https://github.com/SunDance29/for-learning
- https://github.com/TheBountyBox/Awesome-Writeups
- https://github.com/abuzafarhaqq/bugBounty
- https://github.com/ajino2k/Awesome-Bugbounty-Writeups
- https://github.com/alexbieber/Bug_Bounty_writeups
- https://github.com/blitz-cmd/Bugbounty-writeups
- https://github.com/bot8080/awesomeBugbounty
- https://github.com/bugrider/devanshbatham-repo
- https://github.com/choudharyrajritu1/Bug_Bounty-POC
- https://github.com/cybershadowvps/Awesome-Bugbounty-Writeups
- https://github.com/dalersinghmti/writeups
- https://github.com/deadcyph3r/Awesome-Collection
- https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
- https://github.com/dipesh259/Writeups
- https://github.com/ducducuc111/Awesome-Bugbounty-Writeups
- https://github.com/huynhvanphuc/Mobile-App-Pentest
- https://github.com/kurrishashi/Awesome-Bugbounty-Writeups
- https://github.com/kyawthiha7/Mobile-App-Pentest
- https://github.com/piyushimself/Bugbounty_Writeups
- https://github.com/plancoo/Bugbounty_Writeups
- https://github.com/sreechws/Bou_Bounty_Writeups
- https://github.com/webexplo1t/BugBounty
- https://github.com/xbl3/Awesome-Bugbounty-Writeups_devanshbatham
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-16905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16905)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/0xsaju/Awesome-Bugbounty-Writeups`
			`- https://github.com/302Found1/Awesome-Writeups`
			`- https://github.com/Fa1c0n35/Awesome-Bugbounty-Writeups`
			`- https://github.com/Hacker-Fighter001/Bug-Bounty-Hunter-Articles`
			`- https://github.com/ImranTheThirdEye/Awesome-Bugbounty-Writeups`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/Neelakandan-A/BugBounty_CheatSheet`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/Prabirrimi/Awesome-Bugbounty-Writeups`
			`- https://github.com/Prodrious/writeups`
			`- https://github.com/R3dg0/writeups`
			`- https://github.com/Saidul-M-Khan/Awesome-Bugbounty-Writeups`
			`- https://github.com/Sumit0x00/Android-bug-hunting-reports--Hackerone-`
			`- https://github.com/SunDance29/for-learning`
			`- https://github.com/TheBountyBox/Awesome-Writeups`
			`- https://github.com/abuzafarhaqq/bugBounty`
			`- https://github.com/ajino2k/Awesome-Bugbounty-Writeups`
			`- https://github.com/alexbieber/Bug_Bounty_writeups`
			`- https://github.com/blitz-cmd/Bugbounty-writeups`
			`- https://github.com/bot8080/awesomeBugbounty`
			`- https://github.com/bugrider/devanshbatham-repo`
			`- https://github.com/choudharyrajritu1/Bug_Bounty-POC`
			`- https://github.com/cybershadowvps/Awesome-Bugbounty-Writeups`
			`- https://github.com/dalersinghmti/writeups`
			`- https://github.com/deadcyph3r/Awesome-Collection`
			`- https://github.com/devanshbatham/Awesome-Bugbounty-Writeups`
			`- https://github.com/dipesh259/Writeups`
			`- https://github.com/ducducuc111/Awesome-Bugbounty-Writeups`
			`- https://github.com/huynhvanphuc/Mobile-App-Pentest`
			`- https://github.com/kurrishashi/Awesome-Bugbounty-Writeups`
			`- https://github.com/kyawthiha7/Mobile-App-Pentest`
			`- https://github.com/piyushimself/Bugbounty_Writeups`
			`- https://github.com/plancoo/Bugbounty_Writeups`
			`- https://github.com/sreechws/Bou_Bounty_Writeups`
			`- https://github.com/webexplo1t/BugBounty`
			`- https://github.com/xbl3/Awesome-Bugbounty-Writeups_devanshbatham`