Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

APK Checker对APK文件处理不当造成安全漏洞 #651

Closed
tzrj0 opened this issue Sep 24, 2021 · 0 comments · Fixed by #660
Closed

APK Checker对APK文件处理不当造成安全漏洞 #651

tzrj0 opened this issue Sep 24, 2021 · 0 comments · Fixed by #660
Assignees

Comments

@tzrj0
Copy link

tzrj0 commented Sep 24, 2021

matrix-apk-canary-2.0.1.jar在处理apk文件时首先会将apk文件进行zip解压,恶意apk文件通过例如../../../xxx这类的文件名即可跨越目录,将任意文件写入到任意位置。如果线上服务调用APK Checker的话,攻击者可通过恶意apk文件跨越目录写入公钥文件,或写crontab文件,执行任意命令。

@gryamy gryamy self-assigned this Oct 29, 2021
@gryamy gryamy mentioned this issue Oct 29, 2021
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants