Insufficient URL Validation
The class com.insecureshop.WebViewActivity contains the following code. According to the code, the application handles the path /web and reads a query parameter named url.
```java
android.net.Uri uri = intent.getData();
if (uri != null) {
    android.net.Uri uri2 = uri;
    java.lang.String str = null;
    java.lang.String data = null;
    // Path check: this branch only handles deep links whose path is "/web".
    if (kotlin.text.StringsKt.equals$default(uri.getPath(), "/web", false, 2, (java.lang.Object) null)) {
        android.content.Intent intent2 = getIntent();
        kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent2, "intent");
        android.net.Uri data2 = intent2.getData();
        if (data2 != null) {
            // The "url" query parameter is taken as-is, with no validation.
            str = data2.getQueryParameter("url");
        }
        data = str;
        // (excerpt ends here; the enclosing blocks continue in the decompiled class)
```
The application does not validate the URL, which allows remote users to load arbitrary content in the WebView by passing a deep link or intent.
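One way to close this gap, as an added example that is not InsecureShop's own code: check the url parameter against an allowlist before it reaches the WebView. The class name, the trusted host shop.example.com and the use of java.net.URI (so the check runs on a plain JVM) are assumptions; in the activity the same check would sit between getQueryParameter("url") and the WebView load.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class WebViewUrlCheck {
    // Assumption: the only host the shop's WebView should ever display.
    private static final Set<String> ALLOWED_HOSTS = Set.of("shop.example.com");

    /** Returns true only for https URLs whose exact host is on the allowlist. */
    static boolean isAllowed(String raw) {
        if (raw == null) return false;
        final URI uri;
        try {
            uri = new URI(raw.trim());
        } catch (URISyntaxException e) {
            return false;                          // unparsable input is rejected, not repaired
        }
        // Scheme allowlist: rejects http, file, javascript and anything else.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // A user-info part (user@host) is never needed here and obscures the real host.
        if (uri.getUserInfo() != null) return false;
        String host = uri.getHost();               // null for opaque or hostless URIs
        if (host == null) return false;
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        // Exact match only: no startsWith/endsWith/contains tests on the host.
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample values for the "url" query parameter.
        String[] samples = {
            "https://shop.example.com/offers",          // allowed
            "http://shop.example.com/offers",           // wrong scheme
            "https://shop.example.com.other.example/",  // allowlisted name is only a prefix
            "https://shop.example.com@other.example/",  // allowlisted name is only user-info
            "file:///sdcard/page.html",                 // local file scheme
            "javascript:void(0)",                       // opaque URI, no host
            null,                                       // parameter absent
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "LOAD   " : "REJECT ") + s);
        }
    }
}
```

Only the first sample passes; every other value is rejected before any load would happen.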
Last modified 6mo ago