😎Vulnerability #10: Using Components with Known Vulnerabilities

The android manifest contains a decleration for the following service: net.gotev.uploadservice.UploadService. It doesn’t follow the naming convention for the package, so we know that this may be a 3rd party library.

From this point, what we can do is to find public exploits/vulnerability disclosures that affect the library. And we can find one from a HackerOne report: https://hackerone.com/reports/258460

Unable to create a POC this time. Refer to the provided report link for now.

PreviousVulnerability #9: Use of Implicit intent to send a broadcast with sensitive data NextVulnerability #11: Intent Redirection (Access to Protected Components)

Last updated 2 years ago