Insecure Content Provider
The Content Provider com.insecureshop.contentProvider.InsecureShopProvider is exported due to the presence of flag android:exported="true".
<provider android:name="com.insecureshop.contentProvider.InsecureShopProvider" android:readPermission="com.insecureshop.permission.READ" android:exported="true" android:authorities="com.insecureshop.provider"/>The content provider com.insecureshop.contentProvider.InsecureShopProvider contains the following code:
public boolean onCreate() {
android.content.UriMatcher uriMatcher2 = new android.content.UriMatcher(-1);
uriMatcher = uriMatcher2;
if (uriMatcher2 == null) {
return true;
}
uriMatcher2.addURI("com.insecureshop.provider", "insecure", 100);
return true;
}
public android.database.Cursor query(android.net.Uri uri, java.lang.String[] projection, java.lang.String selection, java.lang.String[] selectionArgs, java.lang.String sortOrder) {
kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(uri, "uri");
android.content.UriMatcher uriMatcher2 = uriMatcher;
if (uriMatcher2 == null || uriMatcher2.match(uri) != 100) {
return null;
}
android.database.MatrixCursor cursor = new android.database.MatrixCursor(new java.lang.String[]{"username", "password"});
java.lang.String[] strArr = new java.lang.String[2];
java.lang.String username = com.insecureshop.util.Prefs.INSTANCE.getUsername();
if (username == null) {
kotlin.jvm.internal.Intrinsics.throwNpe();
}
strArr[0] = username;
java.lang.String password = com.insecureshop.util.Prefs.INSTANCE.getPassword();
if (password == null) {
kotlin.jvm.internal.Intrinsics.throwNpe();
}
strArr[1] = password;
cursor.addRow(strArr);
return cursor;
}
If the content provider matches the URI insecure, then it allows us to access username and password of the logged-in user.
PreviousInsecure Implementation of SetResult in exported ActivityNextLack of SSL Certificate Validation
Last updated
Was this helpful?