...

This noncompliant code example shows an application (com/sand/airdroidsample/ServerService.java) whose vulnerable method d() passes an implicit intent, v1, to this.sendBroadcast(). The intent carries sensitive information: the device's IP address (local_ip), the port number (port), and the password to connect to the device (code).

...

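```java
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.widget.Toast;

// Receiver that matches the broadcast action and displays the intent's contents
public class BcReceiv extends BroadcastReceiver {
  @Override
  public void onReceive(Context context, Intent intent) {
    String s = null;
    // Constant-first equals() avoids a NullPointerException when the action is null
    if ("com.sample.action.server_running".equals(intent.getAction())) {
      String pwd = intent.getStringExtra("connected");
      s = "Airdroid  => [" + pwd + "]/" + intent.getExtras();
    }
    Toast.makeText(context, String.format("%s Received", s),
                   Toast.LENGTH_SHORT).show();
  }
}
```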
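
For comparison, a sender that limits who can receive the broadcast. This is an added example, not code from the original page or from the application it describes. The action string and the extra keys come from the page; the class name, method names, permission name and extra value types are assumptions.

```java
import android.app.Service;
import android.content.Intent;
import android.os.IBinder;

// Hypothetical sender service, constructed for illustration.
public class ServerStatusService extends Service {
  // Action string taken from the receiver shown on this page.
  static final String ACTION_SERVER_RUNNING = "com.sample.action.server_running";
  // Assumed permission name. It would be declared in the sender's manifest with
  // android:protectionLevel="signature", and each trusted receiver app would
  // request it with <uses-permission>.
  static final String PERM_SERVER_STATUS = "com.sample.permission.SERVER_STATUS";

  // Extra keys are the ones named on the page; the value types are assumptions.
  private Intent buildStatusIntent(String localIp, int port, String code) {
    Intent i = new Intent(ACTION_SERVER_RUNNING);
    i.putExtra("local_ip", localIp);
    i.putExtra("port", port);
    i.putExtra("code", code);
    return i;
  }

  // Pattern the page describes: an implicit intent with no restriction, so any
  // app that registers a receiver for the action gets the extras.
  void announceImplicit(String localIp, int port, String code) {
    sendBroadcast(buildStatusIntent(localIp, port, code));
  }

  // Restricted to this app: setPackage() limits resolution to components in the
  // named package, so receivers in other apps never match.
  void announceToOwnApp(String localIp, int port, String code) {
    Intent i = buildStatusIntent(localIp, port, code);
    i.setPackage(getPackageName());
    sendBroadcast(i);
  }

  // Restricted to trusted apps: only receivers holding the signature-level
  // permission (apps signed with the same key) are delivered the broadcast.
  void announceToTrustedApps(String localIp, int port, String code) {
    sendBroadcast(buildStatusIntent(localIp, port, code), PERM_SERVER_STATUS);
  }

  @Override
  public IBinder onBind(Intent intent) {
    return null; // not a bound service
  }
}
```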

...