General ways to find and exploit Path Traversal Vulnerabilities on Android APPs

Presented at DEF CON China Beta (2018), May 11, 2018, 5 p.m. (60 minutes)

Directory traversal vulnerabilities are very common in Android applications. This is also a place that developers ignore easily. Directory traversal vulnerabilities are also very harmful because it can break the application sandbox mechanism of Android. In this paper, we will introduce the research of directory traversal vulnerabilities on the Android platform. from the aspects of what it is, how to find them, what they will cause and how to exploit them. We will explain these contents in a practical way.

Presenters:

• Xiaobo Xiang (Elphet)
  Xiaobo Xiang (Elphet) is a security researcher of 360 Alpha Team. He has submitted multiple bugs to Google and several other vendors in China. He is a Doctor Candidate in University of Chinese Academy of Sciences (UCAS), who mainly focuses on Android vulnerability reseach. In his spare time, he is keen on participating CTF games as a pwner in the CTF team NeSE (aka Never Stop Exploiting), which is a well-known separate CTF team in China.

Links:

• https://defcon.org/html/defcon-china/dc-cn-speakers.html#Xiang

Tags:

• Android

Similar Presentations:

• Black Hat Europe 2015 / AndroBugs Framework: An Android Application Security Vulnerability Scanner
• Summercon 2010 / Android Hax
• THOTCON 0xA (2019) / Extending Archive-Based Path Traversal Attacks