Hello all,
I have scan and found some data leak, it can used for SQL Injection. But
i'm not sure about that.
anyway, Could you help me to confirm that issues are Security Issues or not.
You can found result in below:
Package Name Uri
Error Type Log Data com.google.android.googlequicksearchbox
content://com.google.settings/partner
SQL PROJECTION + WHERE android.database.sqlite.SQLiteException:
unrecognized token: "' FROM partner" (code 1): , while compiling: SELECT '
FROM partnerandroid.database.sqlite.SQLiteException: unrecognized token:
"')" (code 1): , while compiling: SELECT * FROM partner WHERE (')
com.google.android.googlequicksearchbox
content://com.google.settings/partner
_id | name | value |
-------------------------------------------------------------
22 | logging_id2 | -312d225f19cfcf7b |
36 | use_location_for_services | 1 |
623 | data_store_version | 3 |
624 | client_id | android-google |
625 | search_client_id | ms-android-google |
626 | chrome_client_id | ms-android-google |
627 | maps_client_id | gmm-android-google |
628 | youtube_client_id | mvapp-android-google |
629 | market_client_id | am-android-google |
630 | wallet_client_id | wallet-android-google |
634 | network_location_opt_in | 0 |
com.google.android.gms content://com.google.android.gms.ads.adinfo/ FILE
TRAVERSAL None com.google.android.gms
content://com.google.android.gms.ads.adinfo/
<html>
<head>
<title>Ad Info Fetcher</title>
<script
src="https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/adinfo.js";></script>
<script
type="text/javascript">setAdInfo("AI4ME0uQrFwalZ6CoM0qurv9orWKSE_6i2e3vQrLqVWFHkUUK9CiqkeeFASxdd00eHA100yjNQJbZuXRISGJSWSdKdhqXu6M8y3uhRctkTWD8ZGRUNvqbSsPhbnA4-WsDwVgqMPwI2JmY_1zRJH7bYHgvVFoN94u2lucb16ShcaIgFCixMviUrEhKn-z0NZ5no0WD3_RMpLfuhF4uZlr6dlHgerd6iBklky0TSkvZp_hVWiaayr7XFRRW_piYtPWKXDzKZgOZDh048u81iR3MdXL_8AFExUlabirhyp-4Z7aSUox6N1OfvrTCU1h7yWEbN0NsNF3IND3yWP7PjKHnSFSDJMv");</script>
</head>
</html>
|
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
** Now I can not put result file to this post. I will try to upload it
late. Sorry for this inconvenience.*
Thank you so much!
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
