Skip to content

不支持ARouter路由框架导致断链 #73

New issue
New issue
Open
Open
不支持ARouter路由框架导致断链#73
@firmianay

Description

@firmianay
firmianay
opened on Feb 23, 2024

是在一个漏洞案例里发现的,任意URL加载,即导出组件从外部获取Intent,并传入loadUrl()

攻击链:LoginActivity(导出) -> HomeActivity(非导出) -> ARouter(跳转) -> DemoWebActivity(非导出)

private void jumpByRouters(String url) {
      DemoWebBuilder.from()
              .setWebUrl(url)
              .start();
public DemoWebBuilder setWebUrl(String mWebUrl) {
    mBundle.putString(WebViewConst.BUNDLE_KEY.WEB_URL, mWebUrl);
    return this;
}

public void start() {
    if (mBundle != null) {
          ARouter.getInstance().build(WebViewConst.ROUTER_KEY.WEB_ACTIVITY).withTransition(R.anim.fade_in,
              R.anim.fade_out).with(mBundle).navigation();
    }
}

没办法通过路由WebViewConst.ROUTER_KEY.WEB_ACTIVITY进行关联,导致断链:

@Route(path = WebViewConst.ROUTER_KEY.WEB_ACTIVITY)
public class DemoWebActivity extends SimpleActivity implements WebHandlerDelegate.WebJsBridgeListener, WebEventBusDelegate.WebEventListener {
    private void initView() {
        mUrl = getIntent().getStringExtra(WebViewConst.BUNDLE_KEY.WEB_URL);
        loadUrl(mUrl);
    }

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions