CVE-2019-2198 PoC — Android Framework组件SQL注入漏洞

Source

https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere

Associated Vulnerability

Title:Android Framework组件SQL注入漏洞 (CVE-2019-2198)
Description:Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。Framework是其中的一个Android框架组件。 Android中的Framework组件存在安全漏洞。攻击者可利用该漏洞泄露信息。

Description

PoC Exploiting SQL Injection in Android's Download Provider in Selection Parameter (CVE-2019-2198)

Readme

# AOSP-DownloadProviderDbDumperSQLiWhere
PoC Exploiting SQL Injection in Android's Download Provider in Selection Parameter (CVE-2019-2198)

## Security Advisory
[Android (AOSP) Download Provider SQL Injection in Query Selection Parameter (CVE-2019-2198)](https://act-on.ioactive.com/acton/attachment/34793/f-0b1db136-6474-4c86-b944-0ba96a89283a/1/-/-/-/-/cve-2019-2198.pdf)

## Demo
![PoC video](demo.gif)

File Snapshot


 [4.0K]  /data/pocs/7f3456fde9202c712aa23491278f1551b79ba3db
├── [4.0K]  app
│   ├── [ 978]  build.gradle
│   ├── [ 751]  proguard-rules.pro
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [ 853]  AndroidManifest.xml
│           ├── [4.0K]  java
│           │   └── [4.0K]  com
│           │       └── [4.0K]  ioactive
│           │           └── [4.0K]  downloadProviderDbDumperSQLiWhere
│           │               └── [8.1K]  MainActivity.java
│           └── [4.0K]  res
│               ├── [4.0K]  drawable
│               │   └── [5.5K]  ic_launcher_background.xml
│               ├── [4.0K]  drawable-v24
│               │   └── [1.8K]  ic_launcher_foreground.xml
│               ├── [4.0K]  layout
│               │   └── [1.8K]  activity_main.xml
│               ├── [4.0K]  mipmap-anydpi-v26
│               │   ├── [ 272]  ic_launcher_round.xml
│               │   └── [ 272]  ic_launcher.xml
│               ├── [4.0K]  mipmap-hdpi
│               │   ├── [3.0K]  ic_launcher.png
│               │   └── [4.9K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-mdpi
│               │   ├── [2.0K]  ic_launcher.png
│               │   └── [2.8K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-xhdpi
│               │   ├── [4.5K]  ic_launcher.png
│               │   └── [6.9K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-xxhdpi
│               │   ├── [6.3K]  ic_launcher.png
│               │   └── [ 10K]  ic_launcher_round.png
│               ├── [4.0K]  mipmap-xxxhdpi
│               │   ├── [9.0K]  ic_launcher.png
│               │   └── [ 15K]  ic_launcher_round.png
│               └── [4.0K]  values
│                   ├── [ 208]  colors.xml
│                   ├── [  93]  strings.xml
│                   └── [ 383]  styles.xml
├── [ 546]  build.gradle
├── [549K]  demo.gif
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 53K]  gradle-wrapper.jar
│       └── [ 233]  gradle-wrapper.properties
├── [ 726]  gradle.properties
├── [5.2K]  gradlew
├── [2.1K]  gradlew.bat
├── [ 34K]  LICENSE
├── [ 407]  README.md
└── [  15]  settings.gradle

20 directories, 32 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!