Challenges
Search…
Unprotected Data URIs
The com.insecureshop.WebView2Activity contains the following code. The code takes untrusted URL in loadUrl method and passes it to webview.
1
if (!(dataString == null || kotlin.text.StringsKt.isBlank(dataString))) {
2
android.content.Intent intent2 = getIntent();
3
kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent2, "intent");
4
webview.loadUrl(intent2.getDataString());
5
return;
6
}
Copied!

Going an extra mile

Analyze the intent-filter used by this activity carefully. Can you convert this attack into a remote exploitation by utilizing intent scheme URIs?

Reference:

Last modified 6mo ago