1

I am looking to get a .apk file for testing the Directory traversal vulnerability.

https://github.com/rubyzip/rubyzip/issues/315

We have upgraded the rubyzip gem to address this issue, and I want to find a sample .apk file for testing the fix.

Kapidis

1 Answer

0

The example in the book, Hacking Android, covers the Adobe Reader 10.3.1 APK (Adobe_Reader_10.3.1.apk) using the free open-source attack tool, MWR Labs Drozer. The book section title is "Path traversal in content providers", part of Chapter 8 on "Client-Side Attacks - Dynamic Analysis Techniques".

    dz> run scanner.provider.traversal -a com.adobe.reader
    Scanning com.adobe.reader...
    Vulnerable Providers:
      content://com.adobe.reader.fileprovider

MWR Labs Drozer includes a purposely-vulnerable APK called Sieve. If you want to write code to exploit Sieve, check out the sievePWN project (https://github.com/tanprathan/sievePWN), which includes source code to build your own APK2APK attacks, including the targeting of Directory (aka Path) Traversal. If you search for "apk path-traversal" you are bound to find dozens, if not hundreds, more.

atdre