We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
matrix-apk-canary-2.0.1.jar在处理apk文件时首先会将apk文件进行zip解压,恶意apk文件通过例如../../../xxx这类的文件名即可跨越目录,将任意文件写入到任意位置。如果线上服务调用APK Checker的话,攻击者可通过恶意apk文件跨越目录写入公钥文件,或写crontab文件,执行任意命令。
matrix-apk-canary-2.0.1.jar
../../../xxx
The text was updated successfully, but these errors were encountered:
gryamy
Successfully merging a pull request may close this issue.
matrix-apk-canary-2.0.1.jar
在处理apk文件时首先会将apk文件进行zip解压,恶意apk文件通过例如../../../xxx
这类的文件名即可跨越目录,将任意文件写入到任意位置。如果线上服务调用APK Checker的话,攻击者可通过恶意apk文件跨越目录写入公钥文件,或写crontab文件,执行任意命令。The text was updated successfully, but these errors were encountered: