Remote Code Execution through JavascriptInterface

appknox / AFE

Android Framework for Exploitation, is a framework for exploiting android based devices

GNU General Public License v3.0

184 stars 77 forks source link

Remote Code Execution through JavascriptInterface #8

Open subho007 opened 7 years ago

subho007 commented 7 years ago

Application seems to use JavascriptInterface. An attacker can use it to do a Remote Code Execution on your application and steal sensitive informations.

1:None
 - com/flipkart/android/fragments/WebViewFragment;->enablePaymentHandler

2:None
 - com/flipkart/android/fragments/WebViewFragment;->onCreateView

3:None
 - com/flipkart/android/fragments/WebViewFragment;->onCreateView