After analysing other apps using play core library installed on my device, i saw play core library also provide feature of loading native code(.so files) from /data/data//files/splitcompat/:id/native-libraries/ directory.įASOpenCVDF.apk module was also loading an native library from I was stuck at this stage for a long time finding a way to gain code execution remotely without installing an additional apk. The issue was with this path traversal vulnerability i could not write over existing files… only create new files. The plan was to overwrite this file and acheive code execution remotely, but this was not possible. For more detailed explanation read this articleĪdobe reader app also downloads an module name FASOpenCVDF.apk during runtime of app. Using path traversal bug i can write an arbitrary apk in /data/data//files/splitcompat/1921618197/verified-splits/ directory of the app.The classes from the attacker’s apk would automatically be added to the ClassLoader of the app and malicious code will be executed when called from the app. # Getting RCEĪdobe Acrobat Reader app was using Google play core library to provide additional feature on the go to its users.Ī simple way to know whether an app is using play core library for dynamic code loading is to check for spiltcompat directory in /data/data/:application_id/files/ directory. There was not any sanitization performed in downloadFile variable before passing it into File instance which resulted into path traversal vulnerability. %2F.%2Ffile.pdf as last segment of the url and will return. This method BBIntentUtils.getModifiedFileNameWithExtensionUsingIntentData takes () as argument and which returns the decoded last segment in the path of the url.įor example let take this url so when this url is passed to getLastPathSegment() method it will take. public void handleIntent() ).downloadFile(BBIntentUtils.getModifiedFileNameWithExtensionUsingIntentData(fileURI.getLastPathSegment(), (), null, fileURI), url) When an intent with data url for example is sent to adobe reader app,it downloads the file in /sdcard/Downloads/Adobe Acrobat folder with filename as LastPathSegment(i.e test.pdf) of the sent url.Īctivity receives the intent and starts ARFileURLDownloadActivity activity. There is this intent-filter in the app which shows it will accept http/https url scheme and mimeType should be application/pdf for this actiivity. using path traversal bug and dynamic code loading,i was able to acheive remote code execution. This feature was vulnerable to path traversal vulnerability.Ībode reader was also using Google play core library for dynamic code loading. All in all, Big Faceless Java PDF Viewer proves to be a reliable application for examining and modifying PDFs.While testing Adobe Acrobat reader app, the app has a feature which allows user to open pdfs directly from http/https url. No error messages popped up in our tests, and the tool did not hang or crash. The program has minimal impact on computer performance, since it runs on low CPU and RAM, together with a good response time. View and manage PDFs seamlesslyįurthermore, you can sign and verify the doc in just a few simple steps, as well as manage digital identities by importing and exporting certificates with the name, alias, organization, organization unit, location and validity. It is possible to zoom in and out, rotate pages, prepare the documents for printing, hide the toolbars, as well as use a search function whenĭealing with large amounts of data. The GUI is familiar, based on a normal window with a plain and simple layout, where you can open PDF files to view their content. What's more, unlike most installers, Big Faceless Java PDF Viewer does not add new entries to the Windows registry or Start menu, thus leaving no traces behind after removal. Another option is to save it to a pen drive or other mass storage device, to be able to run it on any machine with Java installed. It is suffice to drop the JNLP file in any part of the hard drive and just click it to run the tool. Java must be installed on the computer in order for this app to launch. It is wrapped in a user-friendly workspace and comes packed with a few practical options. Note : Big Faceless Java PDF Viewer has been integrated with Big Faceless PDF Library, so you have to download the entire library to be able to use the viewer.īig Faceless Java PDF Viewer is a Java-based software utility which gives you the possibility to view and manage PDF documents.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |