Intercepting Implicit intent to load arbitrary URL


Last updated 3 years ago


The class com.insecureshop.ProductListActivity registers a receiver as shown below.

The receiver productDetailBroadCast is registered with an intent filter for the action com.insecureshop.action.PRODUCT_DETAIL, so it triggers whenever a broadcast with that action is delivered.

registerReceiver(this.productDetailBroadCast, new android.content.IntentFilter("com.insecureshop.action.PRODUCT_DETAIL"));

The receiver com.insecureshop.broadcast.ProductDetailBroadCast contains the following code.

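On receipt, the receiver builds a new intent that carries only the action com.insecureshop.action.WEBVIEW, adds a url extra, and starts an activity with it. Because no target package or component is set, the intent is implicit.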

public final class ProductDetailBroadCast extends android.content.BroadcastReceiver {
    public void onReceive(android.content.Context context, android.content.Intent intent) {
        // Implicit intent: only an action is set, no target package or component.
        android.content.Intent webViewIntent = new android.content.Intent("com.insecureshop.action.WEBVIEW");
        webViewIntent.putExtra("url", "https://www.insecureshopapp.com/");
        if (context != null) {
            // The system resolves the action against the intent filters of installed activities.
            context.startActivity(webViewIntent);
        }
    }
}
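
A hardened counterpart to the receiver above, as an added example that is not InsecureShop's own code: it pins the WEBVIEW intent to the app's own package so it can only resolve to the app's own activity, and registers the receiver as not exported. The class name HardenedProductDetailReceiver and the register helper are hypothetical, and the registration call assumes androidx.core 1.9.0 or later.

```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import androidx.core.content.ContextCompat;

// Added example (hypothetical class, not part of InsecureShop).
public final class HardenedProductDetailReceiver extends BroadcastReceiver {
    static final String ACTION_PRODUCT_DETAIL = "com.insecureshop.action.PRODUCT_DETAIL";
    static final String ACTION_WEBVIEW = "com.insecureshop.action.WEBVIEW";

    // Hypothetical helper: register so that only this app can deliver the broadcast.
    // RECEIVER_NOT_EXPORTED keeps other apps from triggering onReceive.
    public static HardenedProductDetailReceiver register(Context context) {
        HardenedProductDetailReceiver receiver = new HardenedProductDetailReceiver();
        ContextCompat.registerReceiver(
                context,
                receiver,
                new IntentFilter(ACTION_PRODUCT_DETAIL),
                ContextCompat.RECEIVER_NOT_EXPORTED);
        return receiver;
    }

    // Same action and extra as the original, but restricted to our own package,
    // so an activity in another app with a matching intent filter is never a candidate.
    static Intent buildWebViewIntent(Context context) {
        Intent webViewIntent = new Intent(ACTION_WEBVIEW);
        webViewIntent.setPackage(context.getPackageName());
        webViewIntent.putExtra("url", "https://www.insecureshopapp.com/");
        return webViewIntent;
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        if (context == null) {
            return;
        }
        Intent webViewIntent = buildWebViewIntent(context);
        // resolveActivity returns null when no activity in our package handles the
        // action; checking first avoids an ActivityNotFoundException.
        if (webViewIntent.resolveActivity(context.getPackageManager()) != null) {
            context.startActivity(webViewIntent);
        }
    }
}
```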

Reference:

Interception of Android implicit intents (News, Techniques & Guides)