New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

APK Checker对APK文件处理不当造成安全漏洞 #651

Closed

tzrj0 opened this issue Sep 24, 2021 · 0 comments · Fixed by #660

Assignees

tzrj0 commented Sep 24, 2021

matrix-apk-canary-2.0.1.jar在处理apk文件时首先会将apk文件进行zip解压，恶意apk文件通过例如../../../xxx这类的文件名即可跨越目录，将任意文件写入到任意位置。如果线上服务调用APK Checker的话，攻击者可通过恶意apk文件跨越目录写入公钥文件,或写crontab文件，执行任意命令。

The text was updated successfully, but these errors were encountered:

gryamy self-assigned this

gryamy mentioned this issue

Matrix v2.0.2 #660

Merged

gryamy closed this as completed in #660

# for free to join this conversation on GitHub. Already have an account? # to comment