MobSF Arbitrary File Write Vulnerability via Absolute Paths in .a Archives
Vulnerability
A vulnerability in MobSF version 4.4.0 allows authenticated users to write arbitrary files to any directory writable by the user running the MobSF process. It arises when an uploaded .a archive contains members with absolute file paths: the application extracts those members to the locations the paths name, outside the intended working directory. The issue has been patched in version 4.4.1.
Impact
Exploitation of this vulnerability allows arbitrary file writes, which can overwrite important application files such as the database and cause the application to malfunction. Additionally, if the process can write to certain directories, the write can be turned into a stored cross-site scripting vulnerability.
Reproduction
To reproduce this vulnerability, upload a .a archive whose members carry absolute paths pointing at writable locations, such as the temporary directory or application data directories. When the archive is processed, MobSF writes each member to the location its absolute path names, overwriting any existing file there.
Remediation
Update to MobSF version 4.4.1, which addresses this vulnerability by rejecting absolute paths and normalizing member file names before writing.
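The mitigation described above, rejecting absolute member names and normalizing the rest before anything is written, as an added example that is not MobSF's own code: a minimal reader for the Unix ar format that .a files use, plus a vetting step that decides each member's destination before extraction. The parser, the `/srv/mobsf/work` destination and the constructed archive are assumptions; GNU and BSD long-name tables are not handled.

```python
import os

AR_MAGIC = b"!<arch>\n"   # global header of a Unix ar archive (.a)

def ar_members(data: bytes):
    """Yield (name, payload) per member. Assumes classic 16-byte space-padded names
    (optionally GNU '/'-terminated); GNU '//' and BSD '#1/' long-name forms are not parsed."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(data):             # each member header is 60 bytes
        hdr = data[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip(" ")
        if len(name) > 1 and name.endswith("/"):
            name = name[:-1]                 # strip GNU name terminator
        size = int(hdr[48:58].decode("ascii").strip())
        yield name, data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)        # payloads are padded to 2 bytes

def safe_member_path(dest: str, name: str) -> str:
    """Return the path under dest for this member, or raise ValueError.
    Absolute names are rejected outright; relative names are normalized and
    rejected if they would climb out of dest (a purely lexical check)."""
    if not name or os.path.isabs(name):
        raise ValueError("absolute or empty member name: %r" % name)
    normalized = os.path.normpath(name)
    if normalized == ".." or normalized.startswith(".." + os.sep):
        raise ValueError("traversal outside dest: %r" % name)
    return os.path.join(dest, normalized)

def vet_archive(data: bytes, dest: str) -> dict:
    """Decide per member before anything is written: name -> target path, or rejected."""
    accepted, rejected = {}, []
    for name, _payload in ar_members(data):
        try:
            accepted[name] = safe_member_path(dest, name)
        except ValueError:
            rejected.append(name)
    return {"accepted": accepted, "rejected": rejected}

def build_ar(members) -> bytes:
    """Constructed sample input: a minimal ar writer for short names (demo only)."""
    out = bytearray(AR_MAGIC)
    for name, payload in members:
        out += ("%-16s%-12d%-6d%-6d%-8s%-10d" % (name, 0, 0, 0, "100644", len(payload))).encode()
        out += b"`\n" + payload + (b"\n" if len(payload) & 1 else b"")
    return bytes(out)
```

Only members in `accepted` should ever reach a write call; the rejected list is what an upload handler would log and refuse.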
