insecure-provider-path: Android Insecure Provider Path - Detect

漏洞描述

PoC代码[已公开]

id: insecure-provider-path

info:
  name: Android Insecure Provider Path - Detect
  author: gaurang
  severity: medium
  description: Android insecure provider path was detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  tags: android,file

file:
  - extensions:
      - all
    matchers:
      - type: regex
        regex:
          - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\""
          - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\""
# digest: 490a0046304402203858f341ea554b0d4fc99b0e4e7336a9cecb33181dc4a28cb813f41a7ebd9c7702201a1219bef1b82e16e9053e4378711c63bdf192cca96727fca2cddc07f0ba4a20:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC unauth-hawkeye-dashboard: Unauth Hawkeye Dashboard - Detect
• POC unauth-phoenix-dashboard: Unauth Phoenix Dashboard - Detect
• POC unauth-supervisor-dashboard: Unauth Supervisor Dashboard - Detect
• POC weak-csp-detect: Weak Content Security Policy - Detect
• Centreon Web /centreon/api/latest/authentication/providers/configurations/local 默认口令漏洞
• POC mailgun-takeover: Mailgun Takeover Detection
• (CVE-2025-0087) Android UninstallerActivity onCreate 方法权限漏洞 权限管理错误
• honeypot-detection: Honeypot Detection
• backup-files: Compressed Backup File - Detect
• shiro-key-detect: Shiro Key Detection
• 金和OA C6 /c6/jhsoft.mobileapp/AndroidSevices/HomeService.asmx/GetHomeInfo SQL 注入漏洞
• POC CVE-2017-18349: Fastjson Insecure Deserialization - Remote Code Execution
• POC CVE-2018-19276: OpenMRS Platform < 2.24.0 - Insecure Object Deserialization