-
Notifications
You must be signed in to change notification settings - Fork 761
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
scanner.provider.traversal returned exception error. #426
Comments
yup legit. we'll look into it |
So, this is a fun one. At its core, the problem boils down to the logic of the def __test_uri(self, uri, vulnerable):
try:
data = self.contentResolver().read(uri + "/../../../../../../../../../../../../../../../../etc/hosts")
except ReflectionException as e:
if e.message.find("java.io.FileNotFoundException") >= 0 or \
e.message.find("java.lang.IllegalArgumentException") >= 0 or \
e.message.find("java.lang.SecurityException") >= 0 or \
e.message.find("No content provider") >= 0 or \
e.message.find("RuntimeException"):
data = ""
else:
raise
if data != None and len(data) > 0:
vulnerable.add(uri) A cursory read of the def __test_uri(self, uri, vulnerable):
try:
data = self.contentResolver().read(uri + "/../../../../../../../../../../../../../../../../etc/hosts")
except ReflectionException as e:
if "java.io.FileNotFoundException" in str(e) or \
"java.lang.IllegalArgumentException" in str(e) or \
"java.lang.SecurityException" in str(e) or \
"No content provider" in str(e) or \
"RuntimeException" in str(e):
data = ""
else:
raise
if data != None and len(data) > 0:
vulnerable.add(uri) This is all sensible at a glance, but the drozer 2 logic was actually flawed due to a missing Now, drozer 3's logic attempts to implement the same intention, but without the same error. As a result it ends up with a statement that throws the exception much more often. My suspicion is that drozer 2 worked by accident. The obvious solution here appears to be to remove the Once pull request #427 is merged, please try building drozer 3 and see if this works for you. I strongly suspect it will. We'll keep the issue open, because ideally we should add a few exception type checks here and there. |
Keeping this open as a reminder to do further work on those exception checks |
dz> run scanner.provider.traversal -a com.mwr.example.sieve
Attempting to run shell module
Scanning com.mwr.example.sieve...
Exception occured: No files supported by provider at content://com.mwr.example.sieve.DBContentProvider/Passwords//../../../../../../../../../../../../../../../../etc/hosts
The text was updated successfully, but these errors were encountered: