Lucene search
Hackapp.orgHACKAPP:COM.UNITEDINTERNET.PORTAL.ANDROID.ONLINESTORAGE.WEBDE.APKHistoryApr 01, 2016 - 9:22 a.m.
WEB.DE Online-Speicher - Certificates or keys found, External URLs, Native code usage vulnerabilities
2016-04-0109:22:02
Hackapp.org
hackapp.com
10
HackApp vulnerability scanner discovered that application WEB.DE Online-Speicher published at the βplayβ market has multiple vulnerabilities.
Name
WEB.DE Online-SpeicherVendor
WEB.DELink
COM.UNITEDINTERNET.PORTAL.ANDROID.ONLINESTORAGE.WEBDE.APKStore
playVersion
3.0.2- NOTICE
- Suspicious files
Are you sure these files should be here?
- Native code usage
Native code (.so) usage 'System.loadLibrary();' is found.
- External URLs
Were do they point?
- Unsafe deleting
All items deleted with 'file.delete()' could be recovered.
- MEDIUM
- Certificates or keys found
These credentials could be used for authentication.
- WebView JavaScript enabled
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
- WebView files access
Control of WebView context allows to access local files.
- SD-card access
SD-cards and other external storages have 'worldwide read' policy.
- CRITICAL
- WebView code execution
WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.
| CPE | Name | Operator | Version |
|---|---|---|---|
| web.de online-speicher | le | 3.0.2 |