Intent Redirection (Access to Protected Components)

The com.insecureshop.WebView2Activity class contains the following code. The code shows that the activity takes intent as extra and passes it to StartActivity.

setContentView(2131492899);
setSupportActionBar((androidx.appcompat.widget.Toolbar) _$_findCachedViewById(com.insecureshop.C0818R.id.toolbar));
setTitle(getString(2131755113));
android.content.Intent extraIntent = (android.content.Intent) getIntent().getParcelableExtra("extra_intent");
if (extraIntent != null) {
    startActivity(extraIntent);
    finish();
    return;

This insecure implementation allows an attacker to bypass Android’s built-in protection and launch any protected components used in the android application.

PreviousArbitrary Code ExecutionNextUnprotected Data URIs

Last updated