Saturday, December 31, 2016

ANDROID PT - DIVA / 8 - Input Validation Issues 2 - File Protocol


- Layout for this exercise:

- Connecting from Santoku to Nexus 5 with ADB:

- Launching the application: 

- Clicking the tab for challenge 8:

- The application asks for a URL, for instance

- The browser opens the website of this blog, as expected:

- However, because the input is not validated, a protocol other than HTTP can be supplied, for instance the File protocol, to read the contents of the internal file system, or even data in external storage.

- From a previous exercise, we have some credentials stored at this path:

- Using the File protocol, the uinfo file can be accessed:

- Entering the File path as input, the content of the uinfo file is displayed:

- In the same way, this input validation vulnerability can be used to access data in external storage. For instance, let's say that there is a Key file on the SD card:

- Entering the path to the external storage or SD card, the content of the Key file is displayed:
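
The missing check behind this exercise, as an added example that is not part of the original post or of DIVA's code: an allowlist that accepts only http and https URLs before the input is loaded. The class name `UrlInputValidator`, the `validate` method and the sample inputs (including the placeholder file paths) are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added example (hypothetical names): allowlist check for a user-supplied URL.
public class UrlInputValidator {
    // Only web schemes are accepted; anything else (file: included) is rejected.
    private static final Set<String> ALLOWED_SCHEMES =
            new HashSet<>(Arrays.asList("http", "https"));

    /** Returns the URL to load, or null when the input must be rejected. */
    public static String validate(String input) {
        if (input == null) {
            return null;
        }
        try {
            URI uri = new URI(input.trim());
            String scheme = uri.getScheme();
            // Scheme names are case-insensitive, so normalize before comparing.
            if (scheme == null
                    || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
                return null;
            }
            // A web URL must name a host; inputs such as "http:/path" do not.
            if (uri.getHost() == null || uri.getHost().isEmpty()) {
                return null;
            }
            return uri.toASCIIString();
        } catch (URISyntaxException e) {
            return null; // unparsable input is rejected rather than repaired
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the file paths are placeholders.
        String[] samples = {
            "https://example.com/index.html",
            "HTTP://example.com",
            "file:///data/data/com.example.app/placeholder.txt",
            "file:///sdcard/placeholder.txt",
            "example.com"
        };
        for (String s : samples) {
            String result = validate(s);
            System.out.printf("%-52s -> %s%n", s,
                    result == null ? "REJECTED" : "load " + result);
        }
    }
}
```

If the URL is loaded in an Android WebView, calling `setAllowFileAccess(false)` on its `WebSettings` adds a second layer by disabling `file://` loading in that view.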