Unprotected Data URIs
The
com.insecureshop.WebView2Activity
contains the following code. The code takes untrusted URL in loadUrl
method and passes it to webview.if (!(dataString == null || kotlin.text.StringsKt.isBlank(dataString))) {
android.content.Intent intent2 = getIntent();
kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent2, "intent");
webview.loadUrl(intent2.getDataString());
return;
}
Analyze the intent-filter used by this activity carefully. Can you convert this attack into a remote exploitation by utilizing intent scheme URIs?