Challenges
Search…
InsecureShop Challenges
Intercepting Implicit intent to load arbitrary URL
The class
com.insecureshop.ProductListActivity registers a receiver as shown below. The code says the receiver named
productDetailBroadCast will trigger when the intent filter com.insecureshop.action.PRODUCT_DETAIL is called.1
registerReceiver(this.productDetailBroadCast, new android.content.IntentFilter("com.insecureshop.action.PRODUCT_DETAIL"));
Copied!
The receiver
com.insecureshop.broadcast.ProductDetailBroadCast contains the following code.The code takes an action, an extra and starts the activity.
1
public final class ProductDetailBroadCast extends android.content.BroadcastReceiver {
2
public void onReceive(android.content.Context context, android.content.Intent intent) {
3
android.content.Intent webViewIntent = new android.content.Intent("com.insecureshop.action.WEBVIEW");
4
webViewIntent.putExtra("url", "https://www.insecureshopapp.com/");
5
if (context != null) {
6
context.startActivity(webViewIntent);
7
}
8
}
9
}
Copied!
Reference:
Interception of Android implicit intents
News, Techniques & Guides
InsecureShop Challenges - Previous
Use of Implicit intent to send a broadcast with sensitive data
Next - InsecureShop Challenges
Insecure Implementation of SetResult in exported Activity
Last modified 26d ago
Copy link
Contents
Reference: