Unprotected Data URIs

The com.insecureshop.WebView2Activity class contains the following code. The code takes an untrusted URL from the incoming intent's data string and passes it to the WebView through the loadUrl method.

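// The data string of the incoming intent is controlled by the caller.
if (!(dataString == null || kotlin.text.StringsKt.isBlank(dataString))) {
    android.content.Intent intent2 = getIntent();
    kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent2, "intent");
    // Loaded as-is: only null/blank is checked, not the scheme or the host.
    webview.loadUrl(intent2.getDataString());
    return;
}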
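
A hardened counterpart to the snippet above, as an added example that is not InsecureShop's own code: the intent data string is checked against an https-only, exact-host allow-list before anything reaches loadUrl. The class name, the method name and the host shop.example.com are assumptions, and java.net.URI is used so the check also runs off-device.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper (not InsecureShop code): gate for URLs taken from Intent data.
public class IntentUrlValidator {
    // Assumption: the only host the WebView should ever render (placeholder value).
    private static final Set<String> ALLOWED_HOSTS = Collections.singleton("shop.example.com");

    public static boolean isSafeToLoad(String dataString) {
        if (dataString == null || dataString.trim().isEmpty()) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(dataString.trim());
        } catch (URISyntaxException e) {
            return false; // reject unparseable input instead of loading it best-effort
        }
        // https only: this rejects file:, content:, javascript:, data: and intent: URIs.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return false;
        }
        // Reject opaque forms (https:foo) and user-info prefixes (https://trusted@other-host/).
        if (uri.isOpaque() || uri.getRawUserInfo() != null) {
            return false;
        }
        // Exact host match; prefix, suffix or substring comparisons are not equivalent.
        String host = uri.getHost();
        return host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the page.
        String[] samples = {
            "https://shop.example.com/products",
            "http://shop.example.com/products",
            "file:///sdcard/page.html",
            "javascript:alert(1)",
            "https://shop.example.com.other.example/",
            "https://shop.example.com@other.example/",
        };
        for (String s : samples) {
            System.out.println((isSafeToLoad(s) ? "LOAD   " : "REJECT ") + s);
        }
    }
}
```

In the activity, webview.loadUrl would be called only when this check passes, and the activity would finish without loading anything otherwise.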

Going an extra mile

Analyze the intent-filter used by this activity carefully. Can you turn this attack into a remote exploit by using intent scheme URIs?

Reference:

https://www.mbsd.jp/Whitepaper/IntentScheme.pdf
