sinaweibosdk/weibo_android_sdk

IntentBridge组件权限泄露漏洞

Jayson-duyongping opened this issue · 0 comments

Jayson-duyongping commented

使用最新的微博SDK13.10.0,还是有此高危漏洞,麻烦解决。

漏洞描述: IntentBridge组件权限泄露漏洞
漏洞等级 : 高危
威胁分类 : M1:平台特性误用
产生原因 : 导出组件未校验外部Intent参数数据
漏洞影响 : 攻击者可以通过该导出组件打开其它未导出的组件,导致组件权限泄露
漏洞详情:
1
漏洞组件 : com.sina.weibo.sdk.share.ShareTransActivity
攻击面入口 :
$r2 = virtualinvoke r0.<android.app.Activity: android.content.Intent getIntent()>()
漏洞触发点 :
virtualinvoke r0.<android.app.Activity: void startActivityForResult(android.content.Intent,int)>($r3, 10001)
触发位置 ->
<com.sina.weibo.sdk.share.ShareTransActivity: void onCreate(android.os.Bundle)>
$r2 = virtualinvoke r0.<android.app.Activity: android.content.Intent getIntent()>()
r0.<com.sina.weibo.sdk.share.ShareTransActivity: android.content.Intent b> = $r2
virtualinvoke r0.<com.sina.weibo.sdk.share.ShareTransActivity: void c(com.sina.weibo.sdk.api.WeiboMultiMessage)>($r8)
<com.sina.weibo.sdk.share.ShareTransActivity: void c(com.sina.weibo.sdk.api.WeiboMultiMessage)>
$r3 = r0.<com.sina.weibo.sdk.share.ShareTransActivity: android.content.Intent b>
$r7 = virtualinvoke $r3.<android.content.Intent: android.os.Bundle getExtras()>()
virtualinvoke $r3.<android.content.Intent: android.content.Intent putExtras(android.os.Bundle)>($r7)
virtualinvoke r0.<android.app.Activity: void startActivityForResult(android.content.Intent,int)>($r3, 10001)

2
漏洞组件 : com.sina.weibo.sdk.share.ShareTransActivity
攻击面入口 :
$r2 = virtualinvoke r0.<android.app.Activity: android.content.Intent getIntent()>()
漏洞触发点 :
virtualinvoke r0.<android.app.Activity: void startActivityForResult(android.content.Intent,int)>($r3, 10001)
漏洞触发路径 :
<com.sina.weibo.sdk.share.ShareTransActivity: void onCreate(android.os.Bundle)>
$r2 = virtualinvoke r0.<android.app.Activity: android.content.Intent getIntent()>()
r0.<com.sina.weibo.sdk.share.ShareTransActivity: android.content.Intent b> = $r2
virtualinvoke r0.<com.sina.weibo.sdk.share.ShareTransActivity: void c(com.sina.weibo.sdk.api.WeiboMultiMessage)>($r8)
<com.sina.weibo.sdk.share.ShareTransActivity: void c(com.sina.weibo.sdk.api.WeiboMultiMessage)>
$r11 = r0.<com.sina.weibo.sdk.share.ShareTransActivity: android.content.Intent b>
$r4 = virtualinvoke $r11.<android.content.Intent: java.lang.String getStringExtra(java.lang.String)>("start_web_activity")
virtualinvoke $r3.<android.content.Intent: android.content.Intent setClassName(android.content.Context,java.lang.String)>(r0, $r4)
virtualinvoke r0.<android.app.Activity: void startActivityForResult(android.content.Intent,int)>($r3, 10001)