Insufficient URL Validation

The class com.insecureshop.WebViewActivity contains the following code. According to the code, the application handles the path /web and reads the query parameter url.

android.net.Uri uri = intent.getData();
if (uri != null) {
    android.net.Uri uri2 = uri;
    java.lang.String str = null;
    java.lang.String data = null;
    // Path "/web": the "url" query parameter is read from the incoming intent
    if (kotlin.text.StringsKt.equals$default(uri.getPath(), "/web", false, 2, (java.lang.Object) null)) {
        android.content.Intent intent2 = getIntent();
        kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent2, "intent");
        android.net.Uri data2 = intent2.getData();
        if (data2 != null) {
            str = data2.getQueryParameter("url");
        }
        // The value is used as-is; no scheme or host check is applied here
        data = str;

The application does not validate the URL, which allows remote users to load arbitrary content in the WebView by passing a deep link or intent.
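One way the missing check could look, as an added example that is not InsecureShop's own code. It uses java.net.URI so it runs on a plain JVM; the class name WebViewUrlCheck, the method isAllowed and the trusted host shop.example.com are assumptions, since the page does not name the hosts the app should trust.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class WebViewUrlCheck {
    // Hypothetical allowlist: the page does not name the app's trusted hosts.
    private static final Set<String> ALLOWED_HOSTS = Set.of("shop.example.com");

    /** Returns true only for https URLs whose host is exactly on the allowlist. */
    static boolean isAllowed(String url) {
        if (url == null) return false;
        final URI parsed;
        try {
            parsed = new URI(url.trim());
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected, never "repaired"
        }
        // Blocks javascript:, file:, content:, http: and scheme-less values.
        if (!"https".equalsIgnoreCase(parsed.getScheme())) return false;
        // user@host forms make the visible prefix differ from the real host.
        if (parsed.getRawUserInfo() != null) return false;
        String host = parsed.getHost();
        if (host == null) return false;
        // Exact match, not contains()/endsWith(), so look-alike hosts fail.
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample values for the "url" query parameter.
        List<String> samples = List.of(
            "https://shop.example.com/orders",
            "http://shop.example.com/orders",
            "https://shop.example.com.other.example/",
            "https://other.example/?next=shop.example.com",
            "https://shop.example.com@other.example/",
            "javascript:alert(1)",
            "file:///sdcard/page.html");
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW " : "BLOCK ") + s);
        }
    }
}
```

In the activity, the same checks would be applied to the value read from the url parameter before it is handed to the WebView, and a rejected value would be dropped rather than loaded.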
