\nIn this blog, I\u2019ll be showing you how we can exploit the Attacking Android Components based content providers vulnerability.<\/p>\n
<\/p>\n
What are Content Providers and Why it is used:<\/strong><\/h3>\n
Content Provider components visualize access to shared data resources, like local or remote databases. They all have a unique URI for identification.<\/p>\n
\n
Content Provider component supplies data from one application to another application on request.<\/li>\n
You\u2019ll be able to store the data in the file system, an SQLite database, on the web, or any other persistent storage location your app can access.<\/li>\n
Through the content provider, other apps can query or even modify the data (if the content provider allows it).<\/li>\n
It is useful in cases when an app wants to share data with another app.<\/li>\n
It is much similar to databases and has four methods.<\/li>\n
![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2021\/08\/Attacking-Android-Components-Content-Providers-1024x535.png\" "\\"Attacking")
![\"Attacking](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/Content-Provider-Flow.png\")
<\/p>\n![\"Android](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/Android-Manifest.png\")
<\/p>\n![\"Drozer](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/Drozer-attack-surface.png\")
<\/p>\n![\"Source](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/Source-code-of-DB-Content-Provider.png\")
<\/p>\n![\"DB](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/DB-Content-Provider-or-Keys.png\")
<\/p>\n![\"Changing](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/Changing-Password-Done.png\")
<\/strong><\/p>\n![\"Password](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/Password-Updated.png\")
<\/p>\n![\"DB](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2021\/08\/DB-Content-Provider-or-Passwords.png\")
<\/p>\n