Skip to content

APK Checker对APK文件处理不当造成安全漏洞 #651

New issue
New issue
Closed
#660
Closed
APK Checker对APK文件处理不当造成安全漏洞#651
#660
Assignees
gryamy
@tzrj0

Description

@tzrj0
tzrj0
opened on Sep 24, 2021

matrix-apk-canary-2.0.1.jar在处理apk文件时首先会将apk文件进行zip解压,恶意apk文件通过例如../../../xxx这类的文件名即可跨越目录,将任意文件写入到任意位置。如果线上服务调用APK Checker的话,攻击者可通过恶意apk文件跨越目录写入公钥文件,或写crontab文件,执行任意命令。

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions