MHL Post Board
Challenge Description Welcome to the Android Insecure WebView Challenge! This challenge is designed to delve into the complexities of Android’s WebView component, exploiting a Cross-Site Scripting (XSS) vulnerability to achieve Remote Code Execution (RCE). It’s an immersive opportunity for participants to engage with Android application security, particularly focusing on WebView security issues. postboard.apk Solution As usual, I started by performing static analysis to get some understanding of the application. Static Analysis I started out by reading the AndroidManifest.xml code after decompiling using jadx-gui. ...