AdSense

Saturday, December 31, 2016

ANDROID PT - DIVA / 8 - Input Validation Issues 2 - File Protocol


INPUT VALIDATION ISSUES 2 - FILE PROTOCOL 


- Layout for this exercise:



- Connecting from Santoku to Nexus 5 with ADB:




- Launching the application: 





- Clicking the tab for challenge 8:






- The application asks for an URL, for instance https://dgmsp.blogspot.com:





































- The browser opens the website of this blog, as expected:




- However, this circumstance can be used to exploit the browser using a different protocol than HTTP, for instance the File protocol, to read the contents of the internal file system, or even data at external storage.

- From a previous exercise, we have some credentials stored at this path:







- Using the File protocole, access to the uinfo file can be achieved:




- Introducing the File path as input, the content of the uinfo file is displayed:




- In the same way, this input validation vulnerability can be used for accessing data at external storage. For instance, let's say that there is a Key file at the SD card:








- Introducing the path to the external storage or SD card, the content of the Key file is displayed: