{"id":7,"date":"2024-12-20T21:04:41","date_gmt":"2024-12-21T00:04:41","guid":{"rendered":"https:\/\/2tokui.dev\/?p=7"},"modified":"2024-12-20T21:13:49","modified_gmt":"2024-12-21T00:13:49","slug":"intent-redirection","status":"publish","type":"post","link":"https:\/\/2tokui.dev\/index.php\/2024\/12\/20\/intent-redirection\/","title":{"rendered":"Intent Redirection"},"content":{"rendered":"\n<p>Intent redirection are vulnerabilities in Android applications that can be abused by attackers to trigger certain functionality. It depends a lot on how limited the input is. Maybe we are only changing a few parameters that will be displayed on the screen, or maybe we can open any activity of the app, even private ones. In the last case, it would be very bad if this application is running as the user <strong>&#8220;system&#8221;<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"3840\" height=\"2160\" src=\"https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89.png\" alt=\"\" class=\"wp-image-29\" srcset=\"https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89.png 3840w, https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89-300x169.png 300w, https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89-1024x576.png 1024w, https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89-768x432.png 768w, https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89-1536x864.png 1536w, https:\/\/2tokui.dev\/wp-content\/uploads\/2024\/12\/wallhaven-o3km89-2048x1152.png 2048w\" sizes=\"auto, (max-width: 3840px) 100vw, 3840px\" \/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intent redirection are vulnerabilities in Android applications that can be abused by attackers to trigger certain functionality. It depends a lot on how limited the input is. Maybe we are only changing a few parameters that will be displayed on the screen, or maybe we can open any activity of the app, even private ones. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[4],"class_list":["post-7","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-android"],"_links":{"self":[{"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/posts\/7","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":2,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":31,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/posts\/7\/revisions\/31"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/media\/24"}],"wp:attachment":[{"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/2tokui.dev\/index.php\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}