Challenges
  • Introduction
  • InsecureShop Challenges
    • Hardcoded Credentials
    • Insufficient URL Validation
    • Weak Host Validation
    • Arbitrary Code Execution
    • Intent Redirection (Access to Protected Components)
    • Unprotected Data URIs
    • Theft of Arbitrary files from LocalStorage
    • Using Components with Known Vulnerabilities
    • Insecure Broadcast Receiver
    • AWS Cognito Misconfiguration
    • Insecure use of FilePaths in FileProvider
    • Use of Implicit intent to send a broadcast with sensitive data
    • Intercepting Implicit intent to load arbitrary URL
    • Insecure Implementation of SetResult in exported Activity
    • Insecure Content Provider
    • Lack of SSL Certificate Validation
    • Insecure Webview Properties Enabled
    • Insecure Data Storage
    • Insecure Logging
Powered by GitBook
On this page

Was this helpful?

  1. InsecureShop Challenges

Intent Redirection (Access to Protected Components)

The com.insecureshop.WebView2Activity class contains the following code. The code shows that the activity takes intent as extra and passes it to StartActivity.

setContentView(2131492899);
setSupportActionBar((androidx.appcompat.widget.Toolbar) _$_findCachedViewById(com.insecureshop.C0818R.id.toolbar));
setTitle(getString(2131755113));
android.content.Intent extraIntent = (android.content.Intent) getIntent().getParcelableExtra("extra_intent");
if (extraIntent != null) {
    startActivity(extraIntent);
    finish();
    return;

This insecure implementation allows an attacker to bypass Android’s built-in protection and launch any protected components used in the android application.

PreviousArbitrary Code ExecutionNextUnprotected Data URIs

Last updated 3 years ago

Was this helpful?