Challenges
  • Introduction
  • InsecureShop Challenges
    • Hardcoded Credentials
    • Insufficient URL Validation
    • Weak Host Validation
    • Arbitrary Code Execution
    • Intent Redirection (Access to Protected Components)
    • Unprotected Data URIs
    • Theft of Arbitrary files from LocalStorage
    • Using Components with Known Vulnerabilities
    • Insecure Broadcast Receiver
    • AWS Cognito Misconfiguration
    • Insecure use of FilePaths in FileProvider
    • Use of Implicit intent to send a broadcast with sensitive data
    • Intercepting Implicit intent to load arbitrary URL
    • Insecure Implementation of SetResult in exported Activity
    • Insecure Content Provider
    • Lack of SSL Certificate Validation
    • Insecure Webview Properties Enabled
    • Insecure Data Storage
    • Insecure Logging
Powered by GitBook
On this page
  • Going an extra mile
  • Reference:

Was this helpful?

  1. InsecureShop Challenges

Insecure Implementation of SetResult in exported Activity

PreviousIntercepting Implicit intent to load arbitrary URLNextInsecure Content Provider

Last updated 3 years ago

Was this helpful?

The com.insecureshop.ResultActivity is exported and contains the following code:

    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setResult(-1, getIntent());
        finish();

The exported activity passes an Intent to the attacker via setResult(code, intent). Such configuration allows an attacker to access arbitrary content providers.

Going an extra mile

Can you read Phone contacts using this vulnerability?

Note: In order to read Phone contacts, you need to grant InsecureShop access to your contacts. You can enable this permission by long pressing the app icon and then going to App Info > Permissions. Here you need to enable the Contacts permission.

Reference:

LogoGaining access to arbitrary* Content ProvidersNews, Techniques & Guides
LogoTwo weeks of securing Samsung devices: Part 1News, Techniques & Guides