Path Traversal Vulnerability in OI File Manager for Android
# Disclosure Date: 12/02/2014
# Author: Keith Makan
# Vendor or Software Link: org.openintents.filemanager
# Version: 2.0.5
# Tested on: Android 3.2.1 (HTC Flyer)
# Tools : Drozer, Bash
DescriptionOI File Manager (version 2.0.5) for Android suffers from a Path Traversal vulnerability. The vulnerability stems from inadequate protection of the org.openintents.filemanager.FileManager Content Provider and associated URIs.
Here's the content provider causing the issue:
The following screenshot details the actual implementation of the vulnerable content provider:
This vulnerability allows unauthorized applications to abuse the external storage related permission granted to this application and leak information about any world readable files on the files system, as well as brute-force valid path-names.
Currently an estimated 5,000,000 - 10,000,000 installs affected.
Proof Of Concept
- Vulnerability Discovered 10/02/201 -- No vendor contact available
- Public Disclosure 24/02/2014
As their could be abused to read or even save/write arbitrary files on the filesystem.