fs0c131y - Official Channel
1.76K members
1 photo
54 links
fs0c131y - Official Channel
Download Telegram
to view and join the conversation
Exploiting SQL Injection in Android's Download Provider (CVE-2019-2198)

Blind SQL injection in Android's Download Provider will retrieve user cookies of downloaded file website (e.g. Gmail).
Patched in November's 2019 Android Security Bulletin.
PoC + info:https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere/
Popular Android Malware Threats - January, 2020