Oversecured OVAA - Vulnerabilities and Exploits
Recon $ frida-ps -Uai | grep ovaa - Oversecured Vulnerable Android App oversecured.ovaa Exploiting Insecure Logger Service Android Manifest Entries - InsecureLoggerService <uses-permission android:name="android.permission.INTERNET"/> <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> <service android:name="oversecured.ovaa.services.InsecureLoggerService"> <intent-filter> <action android:name="oversecured.ovaa.action.DUMP"/> </intent-filter> </service> Source Code - InsecureLoggerService // oversecured.ovaa.services.InsecureLoggerService package oversecured.ovaa.services; import android.app.IntentService; import android.content.Intent; import java.io.BufferedReader; import java.io.BufferedWriter; import java.io.File; import java.io.FileWriter; import java.io.IOException; import java.io.InputStreamReader; /* loaded from: classes.dex */ public class InsecureLoggerService extends IntentService { private static final String ACTION_DUMP = "oversecured....