query_provider
Query Android content providers to retrieve data and test for injection vulnerabilities. Customize projections, selections, and sort orders to exploit injectable URIs.
Instructions
Query a content provider URI.
Args:
uri: The content://... URI to query.
projection: Optional list of column names to project.
selection: Optional WHERE clause; can include ? placeholders.
selection_args: Values for the ? placeholders in selection.
sort_order: Optional ORDER BY clause.
Returns the raw provider response. Useful in concert with the injection scanner — once you find an injectable URI, this tool exercises it.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| uri | Yes | ||
| selection | No | ||
| projection | No | ||
| sort_order | No | ||
| selection_args | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||