Git Product home page Git Product logo

logkitty's Issues

Can't select device

I can't select the device that I want to log

In the example it was a physical device and AVD emulator

✖︎ Ups, something went wrong

CODE ▶︎ ERR_ANDROID_CANNOT_GET_APP_PID
MESSAGE ▶︎ Command failed: adb shell pidof -s co.solarismobile.animal.puzzle
error: more than one device/emulator

ANDROID_HOME is deprecated by Google and unclear error message

I had some trouble getting messages saying that "adb" is not a recognized internal command.

So i had to open the source code to realize that logkitty uses the "ANDROID_HOME" variable.

But according to Android site, ANDROID_HOME is now deprecated in favor of ANDROID_SDK_ROOT.

https://developer.android.com/studio/command-line/variables

Also would be good to improve the error message saying where is logkitty looking for, since google results says to set the Path variable.

huntr - RCE via insecure command formatting (Command Injection)

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Details

I would like to report a RCE issue in the logkitty module.
It allows to execute arbitrary commands remotely inside the victim's PC

Vulnerability Description

The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/zamotany/logkitty/blob/master/src/android/adb.ts#L55

Steps To Reproduce

  1. Check there aren't files called HACKED.
  2. Execute the following commands in another terminal:
npm i logkitty # Install affected module
logkitty android app 'test; touch HACKED' #  Note the *touch command* is inside the *'* (single quote), so it's an argument, while it will be executed anyway
  1. Recheck the files: now HACKED has been created.

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

Roadmap

Roadmap

  • support for multiple Android devices
  • support for iOS devices

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.