The ## 1. File directory traversal vulnerabilities description
Android Content Provider file directory traversal security vulnerabilities, the vulnerabilities stem from external exposure Content Provider components of the application, not the Content Provider component to access the access control and the access target file of the Content of the Query Uri is determined valid, the attacker to use the application exposed to the Content Provider's openFile()interface for file directory traversal in order to achieve access to any readable file object; and In less vulnerability on the platform, there is a lot due to the Content Provider file directories to traverse and lead to information disclosure vulnerabilities, such as the Cheetah browser Android any private file data may be local third party stealing vulnerability, and Ganji is the Android client Content Provider component arbitrary file read vulnerability, The 5 8 the same city Android client remote file write vulnerability, Path traversal vulnerability on Adobe Reader (Android) Application, The Kaseya Browser Android Path Traversal. Fig.
Android all system
ContentProvider. openFile(Uri uri, String mode)
External exposure of the Content Provider component implements the openFile()interface; Not to the access of the target file Uri to a valid judgment, as there is no filtering restrictions, such as“../”can be any readable file to access the Content of the Query Uri;