In this blog, I'll show how exported content providers, one of the Android components an attacker can target, can be exploited.
Content Provider components provide access to shared data resources, such as local or remote databases. Each one has a unique URI for identification.
For more details about content providers, refer to the Content Provider documentation.
Fig 1: Content Provider Flow
I'm using the vulnerable Sieve APK for demonstration purposes. To exploit this vulnerability, we need to install drozer on both devices (the mobile device as well as the local system).
Drozer (formerly Mercury) is the leading security testing framework for Android. It provides tools to help you use, share, and understand public Android exploits. It helps you deploy a Drozer Agent to a device through exploitation or social engineering. You can read more about Drozer here.
Let’s get started,
First, we have to decompile the APK and analyze the AndroidManifest.xml file. In it, we check the provider's exported attribute and URI (android:name="DBContentProvider" and android:exported="true").
Fig 2: Android Manifest.XML
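The manifest check described above can also be run as an audit by the app's own developers. The following is an added example, not part of the original post or of drozer: it parses a decoded AndroidManifest.xml and lists providers that other apps can reach without a read or write permission. The sample manifest is constructed, and every name in it except DBContentProvider and its authority is hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample (not Sieve's real manifest); DBContentProvider is from the post.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.mwr.example.sieve">
  <application>
    <provider android:name="DBContentProvider"
        android:authorities="com.mwr.example.sieve.DBContentProvider"
        android:exported="true"/>
    <provider android:name="GuardedProvider"
        android:authorities="com.example.guarded"
        android:exported="true"
        android:permission="com.example.permission.ACCESS"/>
    <provider android:name="ReadGuardedProvider"
        android:authorities="com.example.readguarded"
        android:readPermission="com.example.permission.READ"/>
    <provider android:name="InternalProvider"
        android:authorities="com.example.internal" android:exported="false"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """List providers reachable by other apps without a read or write permission."""
    findings = []
    for p in ET.fromstring(manifest_xml).iter("provider"):
        exported = p.get(ANDROID + "exported")
        if exported == "false":
            continue  # not reachable from other apps
        both = p.get(ANDROID + "permission")
        read = p.get(ANDROID + "readPermission") or both
        write = p.get(ANDROID + "writePermission") or both
        open_ops = [op for op, perm in (("read", read), ("write", write)) if not perm]
        if open_ops:
            findings.append({
                "name": p.get(ANDROID + "name"),
                "authorities": p.get(ANDROID + "authorities"),
                # "unset" means the default applies, which depends on the SDK level
                "exported": exported or "unset",
                "unprotected": open_ops,
            })
    return findings


if __name__ == "__main__":
    for f in audit_providers(SAMPLE_MANIFEST):
        print(f)
```

A provider that declares a permission is treated as guarded here regardless of that permission's protection level, so the declared permissions still need a manual review. Providers that must stay exported should require a permission for both read and write access; all others should set android:exported="false".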
After configuring both devices, run drozer to find the app's attack surface.
Fig 3: Drozer attack surface
As you can see, two exported content providers were found. Now we must check them in the source code of the application.
Fig 4: Source code of DBContentProvider
We can see in the code that there are two URIs used in the application:
Let’s try to query each of them.
Fig 5: DBContentProvider/Keys
As the screenshot shows, we now have the master password and PIN of the app, which manages the passwords of other apps.
Let’s try to change the value of Password from “12345678912345test” to “12345678912345content”
Fig 6: Changing Password Done
As the screenshot shows, the password has been updated.
Fig 7: Password Updated
We can also access the passwords saved in this password manager app by querying the exported URI content://com.mwr.example.sieve.DBContentProvider/Passwords.
Fig 8: DBContentProvider/Passwords
Author,
Rituraj Vishwakarma
Attack & Pentest Team
Varutra Consulting Pvt. Ltd.