Challenges
Search…
Introduction
InsecureShop Challenges
Hardcoded Credentials
Insufficient URL Validation
Weak Host Validation
Arbitrary Code Execution
Intent Redirection (Access to Protected Components)
Unprotected Data URIs
Theft of Arbitrary files from LocalStorage
Using Components with Known Vulnerabilities
Insecure Broadcast Receiver
AWS Cognito Misconfiguration
Insecure use of FilePaths in FileProvider
Use of Implicit intent to send a broadcast with sensitive data
Intercepting Implicit intent to load arbitrary URL
Insecure Implementation of SetResult in exported Activity
Insecure Content Provider
Lack of SSL Certificate Validation
Insecure Webview Properties Enabled
Insecure Data Storage
Insecure Logging
Powered By GitBook
Insufficient URL Validation
The class com.insecureshop.WebViewActivity contains the following code. As per the code, the application registers a path web and a query parameter url.
1
android.net.Uri uri = intent.getData();
2
if (uri != null) {
3
android.net.Uri uri2 = uri;
4
java.lang.String str = null;
5
java.lang.String data = null;
6
if (kotlin.text.StringsKt.equals$default(uri.getPath(), "/web", false, 2, (java.lang.Object) null)) {
7
android.content.Intent intent2 = getIntent();
8
kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent2, "intent");
9
android.net.Uri data2 = intent2.getData();
10
if (data2 != null) {
11
str = data2.getQueryParameter("url");
12
}
13
data = str;
14
Copied!
The application does not implement URL validation which would allow remote users to load arbitrary content in webview by passing a deeplink or intent.
InsecureShop Challenges - Previous
Hardcoded Credentials
Next - InsecureShop Challenges
Weak Host Validation
Last modified 6mo ago
Copy link