Input Validation Issues - Part 2

This challenge is a bit different from the previous one.

Input Validation Issues 2a

Let's enter a proper URL.

Input Validation Issues 2b

When you click on View, the website is opened at the lower half of the app. Let's remove the scheme https:// from the URL.

Input Validation Issues 2c

There is a blank screen. We can infer that the app is not prepending the scheme http:// or https:// to the input. Let's try again with some random input.

Input Validation Issues 2d

We get the error net::ERR_UNKNOWN_URL_SCHEME. So the app depends entirely on the user input and loads it regardless of the scheme entered.

Android browsers also accept another scheme, file://. This scheme is used to view the contents of files on the filesystem. Let's give it a try.

Input Validation Issues 2e

Positive results! The app accepts the file:// scheme. Now let's try to access a previous challenge's file located at /sdcard/.uinfo.txt.

Input Validation Issues 2f

Voilà! We cracked the challenge.

Takeaway

  • Whenever an app asks for a URL, try providing the file:// scheme. If it renders the contents of a file at a known location, this is a vulnerability.
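
The fix for the behaviour seen above is to validate the scheme before the input ever reaches the WebView. The following is an added example, not code from the app or from the original post: the class `UrlSchemeCheck` and the method `sanitize` are hypothetical names, and the sample inputs are constructed to mirror the steps of the walkthrough.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Hypothetical helper (not the app's code): decide whether user input may be loaded in a WebView.
public class UrlSchemeCheck {
    private static final List<String> ALLOWED_SCHEMES = Arrays.asList("http", "https");

    /** Returns the URL to load, or null when the input must be rejected. */
    static String sanitize(String input) {
        if (input == null || input.trim().isEmpty()) return null;
        try {
            URI uri = new URI(input.trim());
            if (uri.getScheme() == null) {
                // Bare host such as "example.com": the app chooses the scheme, not the user.
                uri = new URI("https://" + input.trim());
            }
            String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
            // Allowlist, not blocklist: file://, content:// and javascript: all fail here.
            if (!ALLOWED_SCHEMES.contains(scheme)) return null;
            // A web URL without a host is not something the app should load.
            if (uri.getHost() == null) return null;
            return uri.toString();
        } catch (URISyntaxException e) {
            return null; // Unparseable input is rejected, never passed through.
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs mirroring the steps in the walkthrough.
        String[] samples = {
            "https://example.com",
            "example.com",
            "file:///sdcard/.uinfo.txt",
            "FILE:///sdcard/.uinfo.txt",
            "javascript:alert(1)",
            "   "
        };
        for (String s : samples) {
            String result = sanitize(s);
            System.out.println("[" + s + "] -> " + (result == null ? "REJECTED" : result));
        }
        // In the Activity, also disable file access as defence in depth:
        //   webView.getSettings().setAllowFileAccess(false);
    }
}
```

Only the first two inputs are returned as loadable URLs; both file:// variants are rejected because the scheme comparison is case-insensitive.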