πVulnerability #10: Using Components with Known Vulnerabilities
The android manifest contains a decleration for the following service: net.gotev.uploadservice.UploadService. It doesnβt follow the naming convention for the package, so we know that this may be a 3rd party library.
From this point, what we can do is to find public exploits/vulnerability disclosures that affect the library. And we can find one from a HackerOne report: https://hackerone.com/reports/258460
Unable to create a POC this time. Refer to the provided report link for now.
PreviousVulnerability #9: Use of Implicit intent to send a broadcast with sensitive dataNextVulnerability #11: Intent Redirection (Access to Protected Components)
Last updated