AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Adobe pdf reader java download1/5/2024 # Getting RCEĪdobe Acrobat Reader app was using Google play core library to provide additional feature on the go to its users.Ī simple way to know whether an app is using play core library for dynamic code loading is to check for spiltcompat directory in /data/data/:application_id/files/ directory. There was not any sanitization performed in downloadFile variable before passing it into File instance which resulted into path traversal vulnerability. %2F.%2Ffile.pdf as last segment of the url and will return. This method BBIntentUtils.getModifiedFileNameWithExtensionUsingIntentData takes () as argument and which returns the decoded last segment in the path of the url.įor example let take this url so when this url is passed to getLastPathSegment() method it will take. public void handleIntent() ).downloadFile(BBIntentUtils.getModifiedFileNameWithExtensionUsingIntentData(fileURI.getLastPathSegment(), (), null, fileURI), url) When an intent with data url for example is sent to adobe reader app,it downloads the file in /sdcard/Downloads/Adobe Acrobat folder with filename as LastPathSegment(i.e test.pdf) of the sent url.Īctivity receives the intent and starts ARFileURLDownloadActivity activity. There is this intent-filter in the app which shows it will accept http/https url scheme and mimeType should be application/pdf for this actiivity. using path traversal bug and dynamic code loading,i was able to acheive remote code execution. This feature was vulnerable to path traversal vulnerability.Ībode reader was also using Google play core library for dynamic code loading. An accessible website is one that can be navigated and understood by everyone.While testing Adobe Acrobat reader app, the app has a feature which allows user to open pdfs directly from http/https url.If a table has headers, using header tags () will make the table more accessible.If an image is only being used for decoration, the alt text should be null (i.e., alt="").If an image is a link, the alt text for the image should explain where the link goes.Alt text should describe an image, if the purpose of the image is to convey information.HTML uses the alt attribute to provide a text description of an image. ![]() "Alt" is an attribute used with the img tag.
0 Comments
Read More
Leave a Reply. |