Android Penetration Testing

WEBSITE GITHUB LINKDIN INSTAGRAM

🕵️‍♂️OWASP Mobile Top 10
"Let's Dive into the Theory"
😍Theory of Android Penetration Testing
"Let's Dive into the Practical"
😇Vulnerable Android Application with Practical.
- 😉InsecureShop
"Let's Dive into the Interview Questions"
😎Important Interview Questions for Android Application Penetration Testing.
😘Notes
- Tools to use
- Important Reports from Hackerone

Powered by GitBook

On this page

Vulnerable Android Application with Practical.

InsecureShop

Vulnerability #2: Hardcoded Credentials

PreviousVulnerability #1: Insecure Logging NextVulnerability #3: Insecure Data Storage

Last updated 1 year ago

Navigating to the util.Util class, we can see that verifyUserNamePassword calls getUserCreds and compares the values that it returns with the values that we provide.

The vulnerability here is that credentials are hardcoded into the getUserCreds method, thus giving us a valid account that we can use to login into the app.

username: shopuser password: !ns3csh0p

😇

😉

😂