Content Provider file directory traversal vulnerability analysis

2015-03-14T00:00:00
ID MYHACK58:62201559914
Type myhack58
Reporter Anonymous
Modified 2015-03-14T00:00:00

Description

## 1. File directory traversal vulnerability description

The Android Content Provider file directory traversal vulnerability stems from an application that exposes a Content Provider component externally without applying access control to that component and without checking that the Content Query Uri of the target file is valid. An attacker can use the openFile() interface of the exposed Content Provider to traverse file directories and access any readable file. On the vulnerability platform there are many information disclosure vulnerabilities caused by Content Provider file directory traversal, such as the Cheetah Browser for Android vulnerability that lets a local third party steal any private file data [1], the Ganji Android client Content Provider component arbitrary file read vulnerability [2], the 58 Tongcheng Android client remote file write vulnerability [3], the Path traversal vulnerability on Adobe Reader (Android) Application [4], and the Kaseya Browser Android Path Traversal [5].

## 2. Scope affected by the file directory traversal vulnerability

All Android systems

## 3. File directory traversal vulnerability details

1) Vulnerability location:

```java
ContentProvider.openFile(Uri uri, String mode)
```

2) Prerequisites for triggering the vulnerability:

An externally exposed Content Provider component implements the openFile() interface; the Uri of the target file being accessed is not validated, for example "../" is not filtered or restricted, so a Content Query Uri can be used to access any readable file.
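A read-only openFile() that closes the "../" gap named in the prerequisites above, with the unchecked pattern kept in a comment for contrast. This is an added example, not code from the original page or from any app it names; the class name SharedFileProvider and the "shared" directory are assumptions.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
import android.os.ParcelFileDescriptor;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;

// Hypothetical provider (assumed name and directory layout).
public class SharedFileProvider extends ContentProvider {
    private File baseDir; // the only directory this provider is meant to serve

    @Override
    public boolean onCreate() {
        baseDir = new File(getContext().getFilesDir(), "shared"); // assumed layout
        return true;
    }

    // Unchecked pattern matching the prerequisites: the Uri path is joined to
    // the base directory as-is, so "../" segments resolve outside it.
    //   return ParcelFileDescriptor.open(new File(baseDir, uri.getPath()), MODE_READ_ONLY);
    @Override
    public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
        if (!"r".equals(mode)) throw new FileNotFoundException("read-only provider");
        String path = uri.getPath(); // already percent-decoded, so %2E%2E%2F is seen as ../
        if (path == null) throw new FileNotFoundException("no path in Uri");
        File base, target;
        try {
            base = baseDir.getCanonicalFile();
            // Canonicalisation resolves "..", "." and symlinks before the check.
            target = new File(base, path).getCanonicalFile();
        } catch (IOException e) {
            throw new FileNotFoundException("cannot resolve path");
        }
        // The separator suffix stops "shared_evil" from matching "shared".
        if (!target.getPath().startsWith(base.getPath() + File.separator)) {
            throw new FileNotFoundException("outside shared directory");
        }
        return ParcelFileDescriptor.open(target, ParcelFileDescriptor.MODE_READ_ONLY);
    }

    // Remaining abstract methods: this provider serves files only.
    @Override public String getType(Uri uri) { return null; }
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
    @Override public Uri insert(Uri u, ContentValues v) { return null; }
    @Override public int delete(Uri u, String s, String[] a) { return 0; }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { return 0; }
}
```

If no other app needs the provider, declaring it with android:exported="false" in the manifest removes the external exposure that the first prerequisite depends on.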

3) Vulnerability principle:
