Hi All,

I have read the references, but I am not sure of some parts. For example, I know that it is possible to access SD card contents through the Android browser. But I don't understand the JavaScript portion mentioned in: http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/
Why? Because HTML attachments are automatically downloaded. But how to open the HTML attachment in the Android browser? I thought all HTML attachments can only be viewed in HTML Viewer? (Am I correct?)

Regards,
Perumal

On Feb 10, 1:29 pm, perumal316 <[email protected]> wrote:
> Hi All,
>
> Read about this vulnerability:
>
> http://www.csc.ncsu.edu/faculty/jiang/nexuss.html
>
> The article explains that from a website when visited from Android's
> mobile browser, it is possible to upload contents from the phone's
> sdcard in the background.
>
> In applications we specify the necessary permission to access external
> storage and use file:///sdcard to access the contents.
>
> Thus does it mean that within the HTML code of a website if we do an
> HTTP POST of a file and specify the directory as for example
> file:///sdcard/example.txt then this file can be uploaded from the
> sdcard into the web server in the background?
>
> As the article mentions that the vulnerability affects Android 2.3, are
> the previous versions also affected?
>
> Regards,
> Perumal
