- Status: Completed.
- Description: In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- Type: ID
- Severity: High
- Links:
  - NVD
  - Execute "strict" queries with extra parentheses
  - All untrusted selections must go through builder
  - Extend SQLiteQueryBuilder for update and delete
  - PoC
- Exploit: Perform SQL injection as in the PoC.
- Patch: Check that parentheses are opened and closed correctly; if they are not in order, an SQL injection is detected and a null Cursor is returned. This is done for the ContentResolver query method.
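The parenthesis check described in the Patch entry, sketched as an added example; this is not the code of the linked commits or of the patch itself. The class and method names and the sample selections are assumptions, and the sketch goes slightly beyond the description by ignoring parentheses inside quoted literals and refusing SQL comments and bracketed identifiers, which it does not model.

```java
// Added example (hypothetical helper, not the patch referenced on this page).
public final class SelectionParenCheck {

    /** True when every ')' closes an earlier '(' and nothing is left open. */
    static boolean parenthesesBalanced(String selection) {
        if (selection == null) return true;          // no WHERE clause supplied
        int depth = 0;
        char quote = 0;                              // active quote char, 0 = none
        int n = selection.length();
        for (int i = 0; i < n; i++) {
            char c = selection.charAt(i);
            char next = (i + 1 < n) ? selection.charAt(i + 1) : 0;
            if (quote != 0) {
                if (c != quote) continue;            // still inside the literal
                if (next == quote) i++;              // doubled quote is an escape
                else quote = 0;                      // literal ends here
            } else if (c == '\'' || c == '"' || c == '`') {
                quote = c;
            } else if ((c == '-' && next == '-') || (c == '/' && next == '*') || c == '[') {
                return false;                        // comments and [ids] are not modelled: refuse
            } else if (c == '(') {
                depth++;
            } else if (c == ')' && --depth < 0) {
                return false;                        // closes a parenthesis it never opened
            }
        }
        return depth == 0 && quote == 0;             // nothing may remain open
    }

    public static void main(String[] args) {
        // Constructed sample selections; column names are illustrative only.
        String[] samples = {
            "status = ? AND (title LIKE ? OR description LIKE ?)",
            "title = 'smile :)'",
            "status = ?) OR (1 = 1",
            "((status = ?)",
            "title = 'unterminated",
            "status = ? -- note"
        };
        for (String s : samples) {
            // Per the Patch entry, a failed check means the query returns a null Cursor.
            System.out.println((parenthesesBalanced(s) ? "accept  " : "reject  ") + s);
        }
    }
}
```

The check only establishes that a selection cannot close parentheses it did not open, so it belongs alongside bound `?` arguments and the provider's own column restrictions rather than in place of them.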