Weak Host Validation
The class com.insecureshop.WebViewActivity contains the following code. As per the code, the application registers the path /webview and the query parameter url. It validates the URL and only allows URLs that end with to be loaded in the WebView.
} else if (kotlin.text.StringsKt.equals$default(uri.getPath(), "/webview", false, 2, (java.lang.Object) null)) {
    android.content.Intent intent3 = getIntent();
    kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent3, "intent");
    data3 = intent3.getData();
    if (data3 == null) {
        // Compiled form of Kotlin's `!!`: throw when the value is null.
        kotlin.jvm.internal.Intrinsics.throwNpe();
    }
    java.lang.String queryParameter = data3.getQueryParameter("url");
    if (queryParameter == null) {
        kotlin.jvm.internal.Intrinsics.throwNpe();
    }
    kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(queryParameter, "!!.getQueryParameter(\"url\")!!");
    // The only check applied to the url parameter: a suffix match on the raw string.
    if (kotlin.text.StringsKt.endsWith$default(queryParameter, "", false, 2, (java.lang.Object) null)) {
        android.content.Intent intent4 = getIntent();
        kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(intent4, "intent");
        data4 = intent4.getData();
        if (data4 != null) {
            str = data4.getQueryParameter("url");
        }
        data = str;
    }
}
Since the application implements weak host validation, a malicious application can bypass it by loading an arbitrary URL owned by the attacker that ends with In such a case something like would stand valid.
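A stricter check, as an added example (not InsecureShop's code): the suffix test from the decompiled class beside a version that parses the URL and compares the scheme and host. The domain shop.example, the class and method names, and the sample URLs are placeholders constructed for illustration; java.net.URI is used so the example runs on a plain JVM.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;

public class HostValidation {
    // Placeholder for the app's trusted domain (assumption; not taken from the page).
    static final String TRUSTED = "shop.example";

    // Same pattern as the decompiled code: suffix match on the raw url string.
    static boolean weakCheck(String url) {
        return url.endsWith(TRUSTED);
    }

    // Hardened: parse first, then compare scheme and host, never the raw string.
    static boolean strictCheck(String url) {
        final URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false; // unparseable input fails closed
        }
        String host = uri.getHost();
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null) return false;
        if (uri.getRawUserInfo() != null) return false; // reject user@host forms
        host = host.toLowerCase(Locale.ROOT);
        // Exact host, or a subdomain separated by a literal dot.
        return host.equals(TRUSTED) || host.endsWith("." + TRUSTED);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<String> samples = List.of(
            "https://shop.example",
            "https://www.shop.example/cart",
            "https://attacker.example/shop.example",
            "https://notshop.example",
            "http://shop.example");
        for (String s : samples) {
            System.out.printf("%-40s weak=%-5b strict=%b%n", s, weakCheck(s), strictCheck(s));
        }
    }
}
```

The suffix test accepts any string that merely ends with the trusted name and rejects a legitimate URL that carries a path, while the parsed comparison decides only on scheme and host.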