Closed erev0s closed 2 years ago
Thanks @erev0s, appreciate your contribution.
Regarding the first fix, you are correct that the "read contacts" permission is required. You can enable this permission by going to App Info > Permissions. Here you need to enable the Contacts permission. In the next release, I'm going to add a run-time contact permission. I'm going to review your changes and if all goes well, I'm going to push it in the next release.
The second one does not require any changes and is working as intended. Your changes suggest adding `getStringExtra("url")`, which should allow you to load any URL. However, you can still load an arbitrary URL with the current implementation. You can intercept the implicit intent and load any arbitrary URL. This is a really tricky and interesting issue. I'll try to post the complete solution in the next few months.
Reference: https://docs.insecureshopapp.com/insecureshop-challenges/intercepting-implicit-intent-to-load-arbitrary-url
Hey @0xgaurang, thanks for getting back to me. In this case I can close this. Looking forward to your post.
> 2. However, you can still load an arbitrary URL with the current implementation. You can intercept the implicit intent and load any arbitrary URL.
@hax0rgb do you mind highlighting how this can be done?
Hi @shaiquie-zieye
I have highlighted the vulnerable code here: https://docs.insecureshopapp.com/insecureshop-challenges/intercepting-implicit-intent-to-load-arbitrary-url
You can take advantage of the `android.permission.SYSTEM_ALERT_WINDOW` permission to intercept the intent and load an arbitrary URL.
I'm planning to post a complete solution by next month. Sorry for getting this delayed.
> You can take advantage of the `android.permission.SYSTEM_ALERT_WINDOW` permission to intercept the intent and load an arbitrary URL.
Thank you @hax0rgb for the hint.