Exploit needs to be able to determine the exact path + filename of any file to be stolen.
The securityfocus.com entry referenced above includes a demo script implementing the exploit if you want to see the details.
Just wrap the XHR requests to the local URIs in a try/catch and go fishing for filenames of interest within standard directories.
As mentioned in Cannon's original article, photos would be an easy target given the common location plus filename format for the jpg files
(e.g., /sdcard/DCIM/Camera/IMG_yyyymmdd_hhmmss.jpg). Another interesting directory to poke around in would be /sdcard/Android/data/com.dropbox.android/files/scratch/.
I tweaked the demo script a bit and was able to steal my own dropbox files and photos on my junky little LG Optimus V on Android 2.2.1. Good Times.
Yup. If you plan to enter the internet-/affiliate-marketing space you'll want to keep tabs on what this crowd of folks is up to. You'll learn that this is a space inhabited by an interesting spectrum of people...from clever, helpful people displaying an inspiring amount of hustle to straight-up criminals.
Also, careful clicking any links in those forums. Lots of disgusting, immature people over there.
"Don't use the nice readable str + str syntax to concatenate, instead, use StringBuilder"
Depending on who the audience is for your coding standards, this may not be a bad standard to have. In certain scenarios (e.g. building a very large String in a loop), appending with a StringBuilder can be vastly more efficient than "str+=" concatenation. Without the standard, the audience needs to know when it's not appropriate to use "str+=" concatentation.
http://thomascannon.net/blog/2010/11/android-data-stealing-v...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-480...
http://www.securityfocus.com/bid/48256/info
Exploit needs to be able to determine the exact path + filename of any file to be stolen. The securityfocus.com entry referenced above includes a demo script implementing the exploit if you want to see the details. Just wrap the XHR requests to the local URIs in a try/catch and go fishing for filenames of interest within standard directories. As mentioned in Cannon's original article, photos would be an easy target given the common location plus filename format for the jpg files (e.g., /sdcard/DCIM/Camera/IMG_yyyymmdd_hhmmss.jpg). Another interesting directory to poke around in would be /sdcard/Android/data/com.dropbox.android/files/scratch/. I tweaked the demo script a bit and was able to steal my own dropbox files and photos on my junky little LG Optimus V on Android 2.2.1. Good Times.