Tongcheng Tourism client vulnerable to permission abuse and denial-of-service attacks
1. The permissions the application requests can be exploited by other programs.
2. DoS attacks.
The Receiver component of the Android client program is exported. A malicious program can send the corresponding action broadcast and, through the installer permission the Tongcheng client requests, have an APK file from any path installed; at the same time, it can make the local client program crash abnormally.
1. Basic client information:
Apk: com.tongcheng.android, version code 40, version name 7.0.0, Tongcheng Tourism
Apkmd5: f4703092d815ac4241a4b1e07cb6f7d1
Certificate:
Certmd5: 1f08c00c02c875a310364ee3d9032b32
Issuer: C = CN, ST = jiangsu, L = suzhou, O = same path network, OU = same path network, CN = lance.chen
Subject: C = CN, ST = jiangsu, L = suzhou, O = same path network, OU = same path network, CN = lance.chen
The Receiver component defined in the AndroidManifest configuration file is exported:
The Receiver component code in the program installs the APK named by the filePath value carried in the broadcast:
Use the adb am command to simulate a crafted malicious broadcast:
The installation page is displayed:
Construct a malicious broadcast to crash the program:
Attack effect:
Solution:
1. Do not export the component
2. Protect it with a permission
3. Strictly validate the broadcast data
4. Add exception-handling code
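As an added illustration of these four fixes (example code, not the Tongcheng client's own), the receiver below handles only its own action, rejects a missing or out-of-bounds filePath instead of throwing, and catches everything else so a malformed broadcast cannot crash the process. The class, package, action and permission names are hypothetical; the manifest it assumes declares it with android:exported="false" and an android:permission attribute.

```java
package com.example.hardened;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.util.Log;
import java.io.File;
import java.io.IOException;

// Hypothetical receiver; in AndroidManifest.xml it would be declared with
// android:exported="false" and android:permission="com.example.permission.INSTALL_APK"
// so that other apps cannot send it broadcasts at all (fixes 1 and 2).
public class InstallReceiver extends BroadcastReceiver {
    private static final String TAG = "InstallReceiver";
    static final String ACTION_INSTALL = "com.example.action.INSTALL_APK";
    static final String EXTRA_FILE_PATH = "filePath";   // extra name from the report
    static final String APK_MIME = "application/vnd.android.package-archive";

    @Override
    public void onReceive(Context context, Intent intent) {
        try {
            // Handle only the action this receiver is registered for.
            if (intent == null || !ACTION_INSTALL.equals(intent.getAction())) return;
            // A missing or non-String extra yields null here and is rejected,
            // not allowed to throw (the crash case in the report).
            String path = intent.getStringExtra(EXTRA_FILE_PATH);
            if (path == null || path.isEmpty()) {
                Log.w(TAG, "rejected broadcast without filePath");
                return;
            }
            // Canonicalise (resolves ".." and symlinks) and require the APK to
            // sit inside the app's private updates directory (fix 3).
            File updates = new File(context.getFilesDir(), "updates").getCanonicalFile();
            File apk = new File(path).getCanonicalFile();
            boolean inside = apk.getPath().startsWith(updates.getPath() + File.separator);
            if (!inside || !apk.isFile() || !apk.getName().endsWith(".apk")) {
                Log.w(TAG, "rejected filePath outside updates dir");
                return;
            }
            // Only now hand the validated file to the system installer.
            // (On API 24+ a FileProvider content URI must replace Uri.fromFile.)
            Intent install = new Intent(Intent.ACTION_VIEW)
                    .setDataAndType(Uri.fromFile(apk), APK_MIME)
                    .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            context.startActivity(install);
        } catch (IOException | RuntimeException e) {
            // Any unexpected failure is logged instead of killing the app (fix 4).
            Log.e(TAG, "install broadcast rejected", e);
        }
    }
}
```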