es文件浏览器的这个漏洞_ES文件资源管理器中的漏洞将您的所有文件公开给同一网络上的任何人...
es文件浏览器的这个漏洞
For the longest time, ES File Explorer was the de facto file manager on Android. As time has gone on, however, it’s proven to be less trustworthy. A recent vulnerability reminds us why there are better choices now.
在最长的时间内,ES File Explorer是Android上的事实上的文件管理器。 但是,随着时间的流逝,事实证明它不那么值得信赖。 最近的一个漏洞提醒我们为什么现在有更好的选择。
As reported by Android Police, there’s a new vulnerability in ES that exposes your files to anyone on the same network—you only need to open the app once. This bug was found by researching Elliot Alderson, who posted about it on Twitter.
据Android Police报道,ES中存在一个新漏洞,可将您的文件暴露给同一网络上的任何人-您只需打开该应用一次 。 该漏洞是通过研究Elliot Alderson发现的,后者在Twitter上发布了有关此漏洞的信息 。
With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager. The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone https://t.co/Uv2ttQpUcN
ES File Explorer的下载量超过1亿,是最著名的#Android文件管理器之一。 令人惊讶的是:如果您至少打开了一次应用程序,则连接到同一本地网络的任何人都可以从您的手机远程获取文件https://t.co/Uv2ttQpUcN
— Elliot Alderson (@fs0c131y) January 16, 2019
-Elliot Alderson(@ fs0c131y) 2019年1月16日
Apparently, ES leaves port 59777 open on your phone after it’s launched, giving anyone on the same network access to the file structure and beyond. An attacker can use that open port to inject a JSON payload, then get access to—and download—all of your info.
显然,ES在启动后使电话上的端口59777保持打开状态,从而使同一网络上的任何人都可以访问文件结构及其他文件。 攻击者可以使用该开放端口注入JSON有效负载 ,然后访问并下载所有信息。
The upside is that the ES team knows about the issue and says it’s been fixed, with an update incoming:
好处是,ES团队知道了这个问题,并说它已得到解决,并收到更新:
We have fixed the http vulnerability issue and released it. Waiting for the Google market to pass the review.
我们已经修复了http漏洞问题并发布了它。 等待Google市场通过审查。
Still, given ES’ rocky history, this is just another opportunity to remind everyone there are better options out there. If you insist on using ES, I would at least suggestion steering clear of it until the update that fixes this bug is available in the Play Store.
尽管如此,鉴于ES的悠久历史,这只是另一个提醒所有人的更好的机会。 如果您坚持使用ES,那么我至少建议您清除它,直到Play商店中提供解决此错误的更新。
via Android Police
es文件浏览器的这个漏洞