1
00:00:00,090 --> 00:00:04,870
- Hello, and welcome to the Android Security and Exploitation training series

2
00:00:04,870 --> 00:00:09,950
by Pentester Academy. My name is Aditya and I am your course instructor for this

3
00:00:09,950 --> 00:00:15,020
entire training series. So this course is being run on PentestersAcademy.com as well

4
00:00:15,020 --> 00:00:21,350
as securitytube-training.com is where you get your certifications. So this

5
00:00:21,350 --> 00:00:26,080
particular video is about the Damn Insecure and Vulnerable Application, or

6
00:00:26,080 --> 00:00:32,620
"DIVA" and we are checking out the "Input Validation Issues - Part 2", right. So in

7
00:00:32,620 --> 00:00:37,400
the previous Input Validation Issue, it was a classic case of a SQL injection

8
00:00:37,400 --> 00:00:44,330
vulnerability. Now in this case, if you look at the application, or the "Input

9
00:00:44,330 --> 00:00:50,940
Validation Issues - Part 2", it asks you to enter a URL, and that particular URL

10
00:00:50,940 --> 00:01:01,440
content will be displayed below, right. So let's say if I enter "www.attify.com", it

11
00:01:01,440 --> 00:01:07,130
tries to open the attify.com website, but it isn't able to, right, because there's a

12
00:01:07,130 --> 00:01:12,750
proxy server on the device or for some other reason. Now, at the same time, you

13
00:01:12,750 --> 00:01:20,050
might wonder that since it is able to open the websites using this embedded web view,

14
00:01:20,050 --> 00:01:28,210
will it be able to access the internal files using the file protocol, right. So

15
00:01:28,210 --> 00:01:39,840
if we look at the "adb shell", and let's say "/data/data/jakhar.aseem.diva", and we

16
00:01:39,840 --> 00:01:47,240
notice we have a file over here. So let's try to read this file from this particular

17
00:01:47,240 --> 00:01:58,720
browser, or the embedded browser. So we'll do "file:///data/data/jakhar.aseem.diva/"

18
00:01:58,720 --> 00:02:07,690
the file name, right. Let's just remove the space from here and everything looks

19
00:02:07,690 --> 00:02:11,380
well and good. And if we try to click on "view," it

20
00:02:11,380 --> 00:02:18,040
actually showed us the contents for this particular file, right. So

21
00:02:18,040 --> 00:02:24,370
"aditya:aditya123" is stored over here and this is what we get over here. Now, this

22
00:02:24,370 --> 00:02:29,790
is a really critical security issue because an attacker can use this

23
00:02:29,790 --> 00:02:34,300
particular functionality to read the internal files from the file system,

24
00:02:34,300 --> 00:02:40,450
right. So maybe it could be a simple information as the temporary files, or it

25
00:02:40,450 --> 00:02:45,780
could be something as sensitive as a cookie stored in one of the databases,

26
00:02:45,780 --> 00:02:50,700
right. So this is what you can do with these kind of security issues with the

27
00:02:50,700 --> 00:02:57,400
input validation flaw. And also, you might wonder that since you are able to read the

28
00:02:57,400 --> 00:03:05,020
local data storage, will you also be able to read the external storage? Now, since

29
00:03:05,020 --> 00:03:09,500
the application has permissions to read the external data storage, let's try to

30
00:03:09,500 --> 00:03:17,370
read a file stored on the SD card. And for this example, let's try to simply read the

31
00:03:17,370 --> 00:03:29,990
"test.txt", which contains a string called "secret". Let me just delete this and try

32
00:03:29,990 --> 00:03:38,130
to read the "/mnt/sdcard/test.txt" which is a file stored on the external data. And

33
00:03:38,130 --> 00:03:43,370
it shows us the contents of this particular file, right. So this is one of

34
00:03:43,370 --> 00:03:48,548
the examples of how an input validation issue could lead to the data being stolen

35
00:03:48,548 --> 00:03:54,960
or the sensitive data being compromised. And that is all for this particular video.

36
00:03:54,960 --> 00:04:00,671
So you might want to experiment with what else you can do with the input validation

37
00:04:00,671 --> 00:04:02,114
issue as well.

38
00:04:02,114 --> 00:04:07,518
So thanks for watching the video, and if you have any feedback or queries, feel

39
00:04:07,518 --> 00:04:13,146
free to reach out to me @adi1391 or you can email me at adi@attify.com.

40
00:04:13,146 --> 00:04:15,000
See you in the next video.