Vulnerability Analysis

High:    0
Medium:  6
Low:     3
Warning: 4

File name: app.apk
Uploader: test
File size: 10.609201431274 MB
MD5: 86e770b35b4256ce01e9b1c890e1295f
Package name: com.telecom.ahgbjyv2
Main Activity: com.telecom.ahgbjyv2.activity.MainActivity
Min SDK: 19 (Android 4.4)
Target SDK: 27 (Android 8.1)

Permissions

# Name Description Level
0 android.permission.SYSTEM_ALERT_WINDOW Allows the app to draw system-alert windows over other apps; a malicious app can use this to cover the whole screen (overlay/tapjacking). On API 23+ the user has to grant it in Settings. Caution
1 android.permission.ACCESS_NETWORK_STATE Allows the app to view the state of all networks. Info
2 android.permission.CAMERA Allows the app to take pictures with the camera, so it can capture whatever is in front of the lens at any time. Info
3 android.permission.INTERNET Allows the app to open network connections. Info
4 android.permission.MOUNT_UNMOUNT_FILESYSTEMS Allows the app to mount and unmount file systems on removable storage. This permission has a signature/privileged protection level and is never granted to a third-party app, so the request is a no-op and should be dropped. Info
5 android.permission.WRITE_EXTERNAL_STORAGE Allows the app to write to the SD card. Info

App Components

Activities
com.telecom.ahgbjyv2.activity.MainActivity
com.lzy.imagepicker.ui.ImageBaseActivity
com.lzy.imagepicker.ui.ImageGridActivity
com.lzy.imagepicker.ui.ImageCropActivity
com.lzy.imagepicker.ui.ImagePreviewActivity
com.lzy.imagepicker.ui.ImagePreviewDelActivity
pub.devrel.easypermissions.AppSettingsDialogHolderActivity
com.just.agentweb.ActionActivity

Services
com.liulishuo.filedownloader.services.FileDownloadService$SharedMainProcessService
com.liulishuo.filedownloader.services.FileDownloadService$SeparateProcessService

Content Providers
android.support.v4.content.FileProvider
com.lzy.imagepicker.ImagePickerProvider
com.squareup.picasso.PicassoProvider
com.just.agentweb.AgentWebFileProvider

No broadcast receivers are listed. The report does not show which of these components are exported; check android:exported in the manifest before deciding what is reachable from other apps.

Third-party Libraries

# Library Description
0 com.alibaba.fastjson Fast JSON Processor https://github.com/alibaba/fastjson/wiki
1 rx.android RxJava bindings for Android
2 retrofit2 Type-safe REST client for Android and Java by Square, Inc.
3 com.squareup.picasso A powerful image downloading and caching library for Android.
4 com.daimajia.numberprogressbar A beautiful, slim Android ProgressBar.
5 rx RxJava – Reactive Extensions for the JVM – a library for composing asynchronous and event-based programs using observable sequences for the Java VM.
6 okhttp3 An HTTP+SPDY client for Android and Java applications.
7 com.ms.square.android.expandabletextview Android's TextView that can expand/collapse like the Google Play's app description
8 com.getbase.floatingactionbutton Floating Action Button for Android based on Material Design specification
9 android.support.transition A backport of the new Transitions API for Android.
10 uk.co.senab.photoview Implementation of ImageView for Android that supports zooming, by various touch gestures.
11 com.bartoszlipinski.viewpropertyobjectanimator Wrapper of the ObjectAnimator that can be used similarly to ViewPropertyAnimator

Static Scan Findings

Risk level / Finding

Medium

The backup flag (android:allowBackup in AndroidManifest.xml) is set to true or not set, and it defaults to true. With USB debugging on, anyone with the device in hand can run adb backup for this package and copy the app's private data directory (databases, shared preferences, WebView storage) to a PC, so private data leaks without root. Fix: set android:allowBackup="false" on the <application> element; if backup is genuinely needed, restrict it with android:fullBackupContent (API 23+) so that credentials and tokens are excluded. Check: once the flag is false, adb backup -f app.ab com.telecom.ahgbjyv2 produces an archive with no app data in it.

Medium

1 weak certificate validation finding.

Location: classes.dex
com.zhy.http.okhttp.https.HttpsUtils$UnSafeTrustManager;

When a mobile client talks HTTPS (SSL/TLS) without checking that the server certificate is trustworthy, a man in the middle can read and alter the traffic and can replace the original content with malicious links or code, up to remote control of the client. The flagged class is a custom X509TrustManager whose check methods accept any chain; it ships with the OkHttpUtils wrapper (com.zhy.http.okhttp) and is only a problem if the app actually installs it into its OkHttpClient, which a static scan cannot tell. Check: route the app through an interception proxy whose CA is not installed on the device; if HTTPS requests still succeed, the unsafe manager is in use. Recommendation:
Validate the server certificate fully: the chain must lead to a trusted CA, self-signed certificates must be rejected, the hostname must match the certificate, and the certificate must be within its validity period. The simplest way to get all of this is to install no custom TrustManager or SSLSocketFactory at all (the platform default does it) and to add certificate pinning for the app's own hosts.

Reference cases:
www.wooyun.org/bugs/wooyun-2014-079358

References:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

Medium

Most of the logging code in this app should be removed.
The package still contains a large amount of logging code: 139 call sites of android.util.Log.* were found. (Only calls to android.util.Log.* are counted here.) Since Android 4.1 (API 16) other apps can no longer read logcat, so on the devices this app supports (Min SDK 19) the exposure is to anyone with adb access or a rooted device, and to bug reports that include logs. Most of the call sites below are inside bundled libraries (qmui, jzvd, ijkplayer, agentweb, picasso, easypermissions, photoview and others) and can only be removed at build time with a ProGuard/R8 rule; the ones under com.telecom.ahgbjyv2.* are the app's own and should be reviewed for content first, in particular SQLiteDB.printDebug/onCreate/updateschedule/updateOffline (database contents) and the OkHttpUtils LoggerInterceptor.logForRequest/logForResponse (full HTTP requests and responses). Details:

Location: classes.dex
com.qmuiteam.qmui.arch.QMUIFragment;->startFragment(Lcom/qmuiteam/qmui/arch/QMUIFragment;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.utils.CheckVersion;->checkMD5(Ljava/io/File;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.LogUtils;->e(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
pub.devrel.easypermissions.EasyPermissions;->hasPermissions(Landroid/content/Context; [Ljava/lang/String;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.pullRefreshLayout.QMUIPullRefreshLayout;->onInterceptTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.QMUIAnimationListView;->manipulateWithoutAnimation(Lcom/qmuiteam/qmui/widget/QMUIAnimationListView$Manipulator;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStartTrackingTouch(Landroid/widget/SeekBar;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebView$AgentWebClient;->onPageFinished(Landroid/webkit/WebView; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.JsCallJava;-><init>(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebUtils;->clearCacheFolder(Ljava/io/File; I)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.course.WeikeListFragment$TraceTask;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->ifmt(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.LearnCourseFragment$TraceTask;->run()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.widget.CourseDownLoadListener;->error(Lcom/liulishuo/filedownloader/BaseDownloadTask; Ljava/lang/Throwable;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebView$AgentWebChrome;->onJsPrompt(Landroid/webkit/WebView; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/webkit/JsPromptResult;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->addTextureView()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.qqface.QMUIQQFaceView;->onMeasure(I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.IjkMediaPlayer;->setDataSource(Landroid/content/Context; Landroid/net/Uri; Ljava/util/Map;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebView$AgentWebClient;->onPageStarted(Landroid/webkit/WebView; Ljava/lang/String; Landroid/graphics/Bitmap;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onClick(Landroid/view/View;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.offline.OfflinePlayCourseFragment$1;->playnextVideo(Z)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
pub.devrel.easypermissions.helper.BaseFrameworkPermissionsHelper;->showRequestPermissionRationale(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; I I [Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.squareup.picasso.StatsSnapshot;->dump()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->w(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStopTrackingTouch(Landroid/widget/SeekBar;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.LogUtils;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->playOnThisJzvd()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
uk.co.senab.photoview.log.LoggerDefault;->d(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.db.SQLiteDB;->onCreate(Landroid/database/sqlite/SQLiteDatabase;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebUtils;->clearCache(Landroid/content/Context; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.zhy.http.okhttp.utils.L;->e(Ljava/lang/String;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.IjkMediaPlayer$DefaultMediaCodecSelector;->onMediaCodecSelect(Ltv/danmaku/ijk/media/player/IMediaPlayer; Ljava/lang/String; I I)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
uk.co.senab.photoview.log.LoggerDefault;->v(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebUtils;->clearCacheFolder(Ljava/io/File; I)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.utils.MiddlewareChromeClient;->onJsAlert(Landroid/webkit/WebView; Ljava/lang/String; Ljava/lang/String; Landroid/webkit/JsResult;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.db.SQLiteDB;->printDebug(Landroid/database/sqlite/SQLiteDatabase; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->backPress()Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.JsCallback;->apply([Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
pub.devrel.easypermissions.helper.BaseSupportPermissionsHelper;->showRequestPermissionRationale(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; I I [Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebView$AgentWebChrome;->onProgressChanged(Landroid/webkit/WebView; I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
uk.co.senab.photoview.log.LoggerDefault;->w(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZResizeTextureView;->onMeasure(I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onTouch(Landroid/view/View; Landroid/view/MotionEvent;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.zhy.http.okhttp.log.LoggerInterceptor;->logForRequest(Lokhttp3/Request;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.WebViewFragment$5;->onProgressChanged(Landroid/webkit/WebView; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.imagepicker.ImagePicker;->takePicture(Landroid/app/Activity; I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStatePlaying()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onClick(Landroid/view/View;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStatePause()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
android.arch.lifecycle.LifecycleRegistry;->sync()V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.popup.QMUIBasePopup;->measureWindowSize()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner;->setImageList(Ljava/util/List;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onInfo(I I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.utils.MiddlewareWebViewClient;->shouldOverrideUrlLoading(Landroid/webkit/WebView; Landroid/webkit/WebResourceRequest;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.zhy.http.okhttp.log.LoggerInterceptor;->logForResponse(Lokhttp3/Response;)Lokhttp3/Response;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
org.sufficientlysecure.htmltextview.HtmlResImageGetter;->getDrawable(Ljava/lang/String;)Landroid/graphics/drawable/Drawable;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->startProgressTimer()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.DefaultChromeClient;->openFileChooser(Landroid/webkit/ValueCallback;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.IjkMediaCodecInfo;->dumpProfileLevels(Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.db.SQLiteDB;->stopTrace(Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->startWindowTiny()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->startVideo()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.util.QMUIKeyboardHelper;->showKeyboard(Landroid/widget/EditText; I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
me.zhanghai.android.materialratingbar.ClipDrawableCompat;->setTintList(Landroid/content/res/ColorStateList;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->releaseAllVideos()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
uk.co.senab.photoview.log.LoggerDefault;->e(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.textview.QMUILinkTextView$1;->handleMessage(Landroid/os/Message;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragment$2;->onScrollOverThreshold()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
me.zhanghai.android.materialratingbar.MaterialRatingBar;->applyTintForDrawable(Landroid/graphics/drawable/Drawable; Landroid/content/res/ColorStateList; Z Landroid/graphics/PorterDuff$Mode; Z)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->vfmt(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStateNormal()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.pullRefreshLayout.QMUIPullRefreshLayout;->onLayout(Z I I I I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->d(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner$BannerPagerAdapter$1;->onClick(Landroid/view/View;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
uk.co.senab.photoview.log.LoggerDefault;->i(Ljava/lang/String; Ljava/lang/String;)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->dfmt(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragment;->startFragmentAndDestroyCurrent(Lcom/qmuiteam/qmui/arch/QMUIFragment; Z)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.IjkMediaPlayer$DefaultMediaCodecSelector;->onMediaCodecSelect(Ltv/danmaku/ijk/media/player/IMediaPlayer; Ljava/lang/String; I I)Ljava/lang/String;==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.pullRefreshLayout.QMUIPullRefreshLayout;->onTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.JsCallJava;->getReturn(Lorg/json/JSONObject; I Ljava/lang/Object; J)Ljava/lang/String;==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStatePreparing()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.textview.QMUILinkTextView;->onTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
me.zhanghai.android.materialratingbar.ClipDrawableCompat;->setTintMode(Landroid/graphics/PorterDuff$Mode;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->efmt(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZUtils;->saveProgress(Landroid/content/Context; Ljava/lang/Object; J)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.JsCallJava;->genJavaMethodSign(Ljava/lang/reflect/Method;)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.QMUIAnimationListView;->manipulate(Lcom/qmuiteam/qmui/widget/QMUIAnimationListView$Manipulator;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.WebViewFragment$6;->intercept(Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.pullRefreshLayout.QMUIPullRefreshLayout;->onMeasure(I I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZMediaManager;->onSurfaceTextureAvailable(Landroid/graphics/SurfaceTexture; I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->startWindowFullscreen()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onError(I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onAutoCompletion()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onScrollAutoTiny(Landroid/widget/AbsListView; I I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStateAutoComplete()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.utils.CheckVersion$5;->onResponse(Ljava/lang/String; I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.course.WeikeListFragment;->stoptrace()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.LearnCourseFragment$1;->playnextVideo(Z)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer$1;->onAudioFocusChange(I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onScrollReleaseAllVideos(Landroid/widget/AbsListView; I I I)V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.course.WeikeListFragment$9;->onSuccess(Lcom/telecom/ahgbjyv2/model/CourseTiming;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.db.SQLiteDB;->updateschedule(Ljava/lang/String; Ljava/lang/Integer;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.widget.DownLoadDialog;->startdownload()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebView;->addJavascriptInterface(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.utils.MiddlewareWebViewClient;->shouldOverrideUrlLoading(Landroid/webkit/WebView; Ljava/lang/String;)Z==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->release()V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.utils.MiddlewareChromeClient;->onProgressChanged(Landroid/webkit/WebView; I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragment$2;->onScrollStateChange(I F)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onVideoSizeChanged()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragmentActivity;->popBackStack()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner;->initViewPagerScroll()V==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.textview.QMUILinkTextView;->onSpanClick(Ljava/lang/String;)Z==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.fragment.LearnCourseFragment$5;->onSuccess(Lcom/telecom/ahgbjyv2/model/CourseTiming;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onCompletion()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.popup.QMUIBasePopup$RootView;->onMeasure(I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragmentActivity;->startFragment(Lcom/qmuiteam/qmui/arch/QMUIFragment;)I==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
org.sufficientlysecure.htmltextview.HtmlHttpImageGetter$ImageGetterAsyncTask;->onPostExecute(Landroid/graphics/drawable/Drawable;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.LogUtils;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.telecom.ahgbjyv2.db.SQLiteDB;->updateOffline(Ljava/lang/String; Ljava/lang/String; I)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->wfmt(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/Object;)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
me.zhanghai.android.materialratingbar.ClipDrawableCompat;->setTint(I)V==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragment$2;->onEdgeTouch(I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->i(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.arch.QMUIFragment$2;->onScroll(I F)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.qqface.QMUIQQFaceView;->onDraw(Landroid/graphics/Canvas;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
org.sufficientlysecure.htmltextview.HtmlAssetsImageGetter;->getDrawable(Ljava/lang/String;)Landroid/graphics/drawable/Drawable;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.IjkMediaPlayer$DefaultMediaCodecSelector;->onMediaCodecSelect(Ltv/danmaku/ijk/media/player/IMediaPlayer; Ljava/lang/String; I I)Ljava/lang/String;==>android.util.Log;->w(Ljava/lang/String; Ljava/lang/String;)I
tv.danmaku.ijk.media.player.pragma.DebugLog;->v(Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->v(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.pullRefreshLayout.QMUIPullRefreshLayout$RefreshView;->onPull(I I I)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.JsCallJava;-><init>(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onStateError()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.AgentWebView;->addJavascriptInterface(Ljava/lang/Object; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.squareup.picasso.Utils;->log(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)V==>android.util.Log;->d(Ljava/lang/String; Ljava/lang/String;)I
com.just.agentweb.DefaultChromeClient;->openFileChooser(Landroid/webkit/ValueCallback; Ljava/lang/String;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.qmuiteam.qmui.widget.pullRefreshLayout.QMUIPullRefreshLayout;->onTouchEvent(Landroid/view/MotionEvent;)Z==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I
com.lzy.imagepicker.ui.ImageGridActivity;->onClick(Landroid/view/View;)V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
cn.jzvd.JZVideoPlayer;->onPrepared()V==>android.util.Log;->i(Ljava/lang/String; Ljava/lang/String;)I
com.youth.banner.Banner;->setBannerAnimation(Ljava/lang/Class;)Lcom/youth/banner/Banner;==>android.util.Log;->e(Ljava/lang/String; Ljava/lang/String;)I

Medium

3 WebView remote code execution findings (addJavascriptInterface).

Location: classes.dex
com.just.agentweb.AgentWebView;->addJavascriptInterface(Ljava.lang.Object; Ljava.lang.String;)V
com.just.agentweb.JsInterfaceHolderImpl;->addJavaObjectDirect(Ljava.lang.String; Ljava.lang.Object;)Lcom.just.agentweb.JsInterfaceHolder;
com.telecom.ahgbjyv2.fragment.personal.MyStudyFragment;->onCreateView()Landroid.view.View;

On Android API levels below 17 (4.2), any object exposed with addJavascriptInterface can be driven by page JavaScript through reflection (getClass().forName("java.lang.Runtime") and so on), so a page loaded into the WebView, or injected into it by a man in the middle, can execute arbitrary commands as the app. This app declares Min SDK 19, so it never runs on an affected system; the residual risk is whatever the exposed objects deliberately publish, because those methods remain callable by any page the WebView loads.
(1) On API 17 and higher, only public methods annotated with @JavascriptInterface are callable from JavaScript. Google introduced this requirement in 4.2; it is enforced for apps whose targetSdkVersion is 17 or higher (27 here).
(2) Avoid addJavascriptInterface where you can. If it is needed, expose only methods that treat their arguments as untrusted, and make sure the bridge is reachable only from pages you control: load them over HTTPS with proper certificate validation (or from packaged assets) and refuse to navigate the WebView to other origins.
(3) Call removeJavascriptInterface for the interfaces that older system WebViews add by default: searchBoxJavaBridge_, accessibility and accessibilityTraversal.
Two of the three locations are inside the AgentWeb library, which wraps addJavascriptInterface for the app; the app-level call is MyStudyFragment.onCreateView, which loads file:///android_asset/web/mstudy.html (see the plaintext-strings finding below).

Reference cases:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

References:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html
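What points (1) to (3) look like in code, as an added example that is not code from the app, from AgentWeb or from this report: a bridge object that publishes only annotated methods, removes the legacy built-in interfaces, and is reachable only from an allow-listed HTTPS origin. The class name SafeJsBridge, the bridge name "Native", the host "lms.example" and the two sample methods are assumptions for illustration; the WebResourceRequest overload assumes compileSdk 24 or higher.

```java
import android.content.Context;
import android.net.Uri;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.Toast;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public final class SafeJsBridge {
    // Origins that may reach the bridge; both scheme and host are checked.
    // "lms.example" is a placeholder for the app's real content host.
    private static final Set<String> TRUSTED_HOSTS =
            new HashSet<>(Arrays.asList("lms.example"));

    private final Context appContext;

    public SafeJsBridge(Context context) {
        this.appContext = context.getApplicationContext();
    }

    // On API >= 17 (this app targets 27) only methods carrying @JavascriptInterface
    // are visible to page script. Every argument is attacker-controlled.
    @JavascriptInterface
    public String appVersion() {
        return "1.0"; // assumption: nothing sensitive, no side effects
    }

    @JavascriptInterface
    public void showMessage(String text) {
        if (text == null || text.length() > 200) {
            return; // bound what a page can make the app display
        }
        Toast.makeText(appContext, text, Toast.LENGTH_SHORT).show();
    }

    // No annotation: not callable from JavaScript on API >= 17.
    public void internalOnly() { }

    public static void install(WebView webView, SafeJsBridge bridge) {
        // Interfaces some older system WebViews register by default.
        webView.removeJavascriptInterface("searchBoxJavaBridge_");
        webView.removeJavascriptInterface("accessibility");
        webView.removeJavascriptInterface("accessibilityTraversal");

        webView.getSettings().setJavaScriptEnabled(true); // the bridge needs script
        webView.addJavascriptInterface(bridge, "Native");

        // Keep navigation on the trusted origin so the bridge is never exposed to
        // an attacker-controlled page, e.g. after a redirect. Returning true tells
        // the WebView not to load the URL.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return !isTrusted(request.getUrl());
            }

            @Override
            @SuppressWarnings("deprecation")
            public boolean shouldOverrideUrlLoading(WebView view, String url) {
                return !isTrusted(Uri.parse(url));
            }
        });
    }

    static boolean isTrusted(Uri uri) {
        if (uri == null) {
            return false;
        }
        String host = uri.getHost();
        return "https".equalsIgnoreCase(uri.getScheme())
                && host != null
                && TRUSTED_HOSTS.contains(host.toLowerCase());
    }
}
```

The allow list is checked on scheme and host, not on a URL prefix, so an https://lms.example.attacker.tld redirect is rejected. For a page shipped in the APK, such as the android_asset page MyStudyFragment loads, the allow list would instead accept the file scheme together with the exact /android_asset/ path, and the settings should additionally disable file and universal access from file URLs.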

Medium

40 sensitive plaintext strings found; review them and remove or replace where applicable.

Not every entry below is a secret. 'http://localhost/' (retrofit2), 'http://schemas.android.com/apk/res/android' (support library), the javax.xml secure-processing feature URI (Jackson) and the 'javascript:' fragments (AgentWeb's bridge injection) are library constants and can be ignored. The actionable entries are the app's own hard-coded endpoints: the API base URL http://117.71.47.129:8081 (a raw IP address, set in AppClient), the /static/ content and image paths under it, the version file /static/v.json (MainFragment.checkUpload, PersonalFragment$11) and the http://lms.ahgbjy.gov.cn course and player URLs used by the offline download code. All of them are plain HTTP, so everything the certificate and hostname findings in this report warn about already applies to this traffic without any TLS bug: an attacker on the network path can read and rewrite course content, the pages loaded into the WebViews, and the version file. Recommendation: serve these over HTTPS, reference them by hostname rather than IP so the certificate can be validated and pinned, and declare cleartextTrafficPermitted="false" in a Network Security Config (enforced from API 24; on the API 19 to 23 devices this app also supports, enforce it in the HTTP client itself). Because v.json is fetched by MainFragment.checkUpload and the app also contains CheckVersion.checkMD5 and CheckVersion.install (see the FLAG_ACTIVITY_NEW_TASK warning below), verify how an update is fetched, checked and installed; an update path that is not authenticated end to end would be the most serious consequence of these cleartext URLs.

Location: classes.dex
'file:///android_asset/' used in: Lcom/squareup/picasso/AssetRequestHandler;->()V
'file:///android_asset/web/mstudy.html' used in: Lcom/telecom/ahgbjyv2/fragment/personal/MyStudyFragment;->onCreateView()Landroid/view/View;
'http://%s:%d/%s' used in: Lcom/danikula/videocache/Pinger;->getPingUrl()Ljava/lang/String;
'http://%s:%d/%s' used in: Lcom/danikula/videocache/HttpProxyCacheServer;->appendToProxyUrl(Ljava/lang/String;)Ljava/lang/String;
'http://117.71.47.129:8081' used in: Lcom/telecom/ahgbjyv2/network/AppClient;->()V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/SpecialFragment$SpecialclassAdapter;->bindData(Lcom/telecom/ahgbjyv2/adapter/RecyclerViewHolder; I Lcom/telecom/ahgbjyv2/model/SpecialClass;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/MyFavCourseFragment$MyCourseAdapter;->onBindViewHolder(Lcom/telecom/ahgbjyv2/fragment/MyFavCourseFragment$MyCourseAdapter$CourseItemViewHolder; I)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/widget/DownLoadDialog;->startdownload()V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/ThematicClassDetailFragment$4;->onSuccess(Lcom/telecom/ahgbjyv2/model/ThematicClass;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/LearnCourseFragment$3;->onSuccess(Lcom/telecom/ahgbjyv2/model/CourseDetail;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/course/WeikeListFragment$7;->onSuccess(Lcom/telecom/ahgbjyv2/model/CourseDetail;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/LearnCourseFragment;->playSubCourse(Ljava/lang/String;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/LearnCourseFragment$1;->playnextVideo(Z)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/LearnCourseFragment;->buildMediaList(Lcom/telecom/ahgbjyv2/model/CourseDetail;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/course/WeikeListFragment$WeikeAdapter$1;->onClick(Landroid/view/View;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/LearnCourseFragment;->initvideoplay()V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/SpecialFragment;->initBanner(Ljava/util/List;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/MainFragment;->bannerData(Ljava/util/List;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/CourseListFragment$CourseAdapter;->onBindViewHolder(Lcom/telecom/ahgbjyv2/fragment/CourseListFragment$CourseAdapter$CourseItemViewHolder; I)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/LearnCourseFragment;->gotoplay(Ljava/lang/String; Ljava/lang/String;)V
'http://117.71.47.129:8081/static/' used in: Lcom/telecom/ahgbjyv2/fragment/course/WeikeListFragment$WeikeAdapter;->playing(Ljava/lang/String; Z)V
'http://117.71.47.129:8081/static/mmm.png' used in: Lcom/telecom/ahgbjyv2/fragment/MyFavCourseFragment$MyCourseAdapter;->onBindViewHolder(Lcom/telecom/ahgbjyv2/fragment/MyFavCourseFragment$MyCourseAdapter$CourseItemViewHolder; I)V
'http://117.71.47.129:8081/static/mmm.png' used in: Lcom/telecom/ahgbjyv2/fragment/CourseListFragment$CourseAdapter;->onBindViewHolder(Lcom/telecom/ahgbjyv2/fragment/CourseListFragment$CourseAdapter$CourseItemViewHolder; I)V
'http://117.71.47.129:8081/static/v.json' used in: Lcom/telecom/ahgbjyv2/fragment/MainFragment;->checkUpload()V
'http://117.71.47.129:8081/static/v.json' used in: Lcom/telecom/ahgbjyv2/fragment/PersonalFragment$11;->onClick(Landroid/view/View;)V
'http://javax.xml.XMLConstants/feature/secure-processing' used in: Lcom/fasterxml/jackson/databind/ext/DOMDeserializer;->()V
'http://lms.ahgbjy.gov.cn/Tools/VPlayer.swf' used in: Lcom/telecom/ahgbjyv2/widget/DownLoadDialog;->downloadFile(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Lcom/liulishuo/filedownloader/BaseDownloadTask;
'http://lms.ahgbjy.gov.cn/Tools/VPlayer.swf' used in: Lcom/telecom/ahgbjyv2/fragment/OffLineCourseFragment;->downloadFile(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Lcom/liulishuo/filedownloader/BaseDownloadTask;
'http://lms.ahgbjy.gov.cn/Tools/VPlayer.swf' used in: Lcom/telecom/ahgbjyv2/fragment/VideoListFragment$VideoListAdapter$1;->onClick(Landroid/view/View;)V
'http://lms.ahgbjy.gov.cn/data/course/57c597f3-c344-4f6d-94e1-9709d7e7ff02/zj1369/study.html' used in: Lcom/telecom/ahgbjyv2/widget/DownLoadDialog;->downloadFile(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Lcom/liulishuo/filedownloader/BaseDownloadTask;
'http://lms.ahgbjy.gov.cn/data/course/57c597f3-c344-4f6d-94e1-9709d7e7ff02/zj1369/study.html' used in: Lcom/telecom/ahgbjyv2/fragment/OffLineCourseFragment;->downloadFile(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Lcom/liulishuo/filedownloader/BaseDownloadTask;
'http://localhost/' used in: Lretrofit2/Response;->error(I Lokhttp3/ResponseBody;)Lretrofit2/Response;
'http://localhost/' used in: Lretrofit2/Response;->success(Ljava/lang/Object; Lokhttp3/Headers;)Lretrofit2/Response;
'http://localhost/' used in: Lretrofit2/Response;->success(Ljava/lang/Object;)Lretrofit2/Response;
'http://qikan.cqvip.com/ext/auto.aspx?id=1109&cc=' used in: Lcom/telecom/ahgbjyv2/fragment/ToolBarWebViewFragment;->getvip()Ljava/lang/String;
'http://schemas.android.com/apk/res/android' used in: Landroid/support/v4/content/res/TypedArrayUtils;->hasAttribute(Lorg/xmlpull/v1/XmlPullParser; Ljava/lang/String;)Z
'javascript:%s.callback(%d, %d %s);' used in: Lcom/just/agentweb/JsCallback;->apply([Ljava/lang/Object;)V
'javascript:(function(b){console.log("' used in: Lcom/just/agentweb/JsCallJava;-><init>(Ljava/lang/Object; Ljava/lang/String;)V
'javascript:try{' used in: Lcom/just/agentweb/AgentWebView;->buildTryCatchInjectJS(Ljava/lang/String;)Ljava/lang/String;
'javascript:try{(function(){if(window.' used in: Lcom/just/agentweb/AgentWebView;->buildNotRepeatInjectJS(Ljava/lang/String; Ljava/lang/String;)Ljava/lang/String;

Medium

3 setSavePassword plaintext password storage findings.

Location: classes.dex
com.just.agentweb.AgentWebView;
com.just.agentweb.AgentWebUtils;
com.telecom.ahgbjyv2.fragment.personal.MyStudyFragment;

The WebView save-password feature defaults to true, and passwords entered into web forms are then stored in cleartext in the app's private file databases/webview.db. On a rooted device, or combined with another bug (for example a WebView same-origin bypass), an attacker can recover them.
Recommendation: call webView.getSettings().setSavePassword(false) explicitly, together with setSaveFormData(false), and clear anything earlier app versions may already have stored with WebViewDatabase.clearUsernamePassword(). Note that setSavePassword was deprecated in API 18 with the statement that saving passwords will not be supported in future versions, so on the devices this app supports (Min SDK 19) this is defence in depth rather than a live exploit path; the calls cost nothing and close the gap on older system WebViews.

Reference cases:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

References:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/
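A WebSettings baseline covering this finding and the file:// and JavaScript concerns raised for the same WebViews elsewhere in this report, as an added example that is not code from the app or from AgentWeb. The class name and the needsJavaScript parameter are assumptions; which screens need script is a decision the app has to make per WebView.

```java
import android.content.Context;
import android.os.Build;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewDatabase;

public final class HardenedWebSettings {
    private HardenedWebSettings() { }

    // Baseline for every WebView in the app.
    @SuppressWarnings("deprecation")
    public static void apply(WebView webView, boolean needsJavaScript) {
        WebSettings s = webView.getSettings();

        // setSavePassword finding: no cleartext credential or form storage in
        // webview.db. setSavePassword is deprecated since API 18, where the
        // platform stopped supporting it, but it still matters on older system
        // WebViews and is harmless elsewhere.
        s.setSavePassword(false);
        s.setSaveFormData(false);

        // XSS finding: script only where the content actually requires it.
        s.setJavaScriptEnabled(needsJavaScript);
        s.setJavaScriptCanOpenWindowsAutomatically(false);

        // file:// handling. Pages packaged under file:///android_asset/ still load
        // with file access disabled; what is blocked is reading arbitrary local
        // files and cross-origin reads from file:// pages.
        s.setAllowFileAccess(false);
        s.setAllowContentAccess(false);
        s.setAllowFileAccessFromFileURLs(false);
        s.setAllowUniversalAccessFromFileURLs(false);

        // Do not let an HTTPS page pull cleartext sub-resources (API 21+).
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
            s.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW);
        }

        // Powerful features stay off unless a screen opts in.
        s.setGeolocationEnabled(false);
    }

    // Remove credentials and form data that earlier versions of the app may
    // already have saved. These APIs are deprecated (API 18) but still present.
    @SuppressWarnings("deprecation")
    public static void purgeSavedCredentials(Context context) {
        WebViewDatabase db = WebViewDatabase.getInstance(context);
        if (db.hasUsernamePassword()) {
            db.clearUsernamePassword();
        }
        if (db.hasFormData()) {
            db.clearFormData();
        }
    }
}
```

Call apply() before the first loadUrl() on each WebView and purgeSavedCredentials() once at app start after the upgrade; setting the flags only prevents new entries, it does not delete what an earlier build stored.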

低危

检测2处Intent Scheme URI漏洞。

位置: classes.dex
Lcom/just/agentweb/DefaultWebClient;->lookup(Ljava/lang/String;)Z
Lcom/just/agentweb/DefaultWebClient;->queryActiviesNumber(Ljava/lang/String;)I


Intent Scheme URI是一种特殊的URL格式,用来通过Web页面启动已安装应用的Activity组件,大多数主流浏览器都支持此功能。如果在app中,没有检查获取到的load_url的值,攻击者可以构造钓鱼网站,诱导用户点击加载,就可以盗取用户信息。所以,对Intent URI的处理不当时,就会导致基于Intent的攻击。建议:
如果使用了Intent.parseUri函数,获取的intent必须严格过滤,intent至少包含addCategory(“android.intent.category.BROWSABLE”),setComponent(null),setSelector(null)3个策略。

References:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://drops.wooyun.org/papers/2893
http://drops.wooyun.org/mobile/15202

Low risk

For a non-debug package, most system output code should be removed by the packaging platform's ProGuard script.
The scan found that this package still contains a large amount of system output code: 13 instances in total. (The system output code scanned here refers to calls to System.out.print* that should have been removed by the packaging platform.)
Details of the system output code in each bundle are as follows:

Location: classes.dex
rx.plugins.RxJavaHooks;
rx.internal.util.IndexedRingBuffer;
rx.internal.util.RxRingBuffer;
org.slf4j.helpers.Util;
com.telecom.ahgbjyv2.fragment.personal.MyStudyFragment$1;
com.lzy.imagepicker.ImageDataSource;
com.telecom.ahgbjyv2.widget.DownLoadDialog;
com.scwang.smartrefresh.layout.SmartRefreshLayout;
com.fasterxml.jackson.core.util.VersionUtil;
com.telecom.ahgbjyv2.widget.CourseDownLoadListener;
rx.exceptions.CompositeException$WrappedPrintStream;
com.telecom.ahgbjyv2.fragment.LearnCourseFragment$TraceTask$1;
com.telecom.ahgbjyv2.fragment.exam.ExamAnswerFragment$5;

Low risk

Detected 1 instance of the weak hostname verification vulnerability.

Location: classes.dex
com.zhy.http.okhttp.https.HttpsUtils$UnSafeHostnameVerifier;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

A custom HostnameVerifier class is defined, but its verify method performs no hostname validation and simply returns true, accepting any hostname. Recommendation:
Perform strict validation of the SSL certificate, including whether the signing CA is legitimate, whether the certificate is self-signed, whether the hostname matches, and whether the certificate has expired.

References:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

Warning

Detected 1 instance of addFlags using Intent.FLAG_ACTIVITY_NEW_TASK.

Location: classes.dex
com.telecom.ahgbjyv2.utils.CheckVersion;->install

When the app creates an Intent to pass data to another Activity, and the target Activity is not opened in the same Task, the Intent contents can be hijacked and read by another Activity; passing sensitive information via Intents across Tasks is unsafe. Recommendation:
Avoid using Intents carrying the FLAG_ACTIVITY_NEW_TASK flag to pass sensitive information.

References:
http://wolfeye.baidu.com/blog/intent-data-leak

Warning

Detected 2 potential XSS vulnerabilities.

Location: classes.dex
com.just.agentweb.AbsAgentWebSettings;->settings(Landroid.webkit.WebView;)V
com.telecom.ahgbjyv2.fragment.personal.MyStudyFragment;->onCreateView()Landroid.view.View;

Allowing the WebView to execute JavaScript (setJavaScriptEnabled) may lead to XSS attacks. Avoid it where possible.
(1) Android systems with API level equal to or higher than 17: for security reasons, to prevent Java-layer functions from being called arbitrarily, Google requires from Android 4.2 onward that any function exposed to JavaScript must be annotated with @JavascriptInterface.
(2) Android systems with API level equal to or higher than 17: avoid using the addJavascriptInterface interface so as not to introduce unnecessary security risks; if it must be used, use certificate validation.
(3) Use removeJavascriptInterface to remove the Android system's default built-in interfaces: searchBoxJavaBridge_, accessibility and accessibilityTraversal.

Reference cases:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

References:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

Warning

Detected 3 providers with grantUriPermissions set to true.
android.support.v4.content.FileProvider
com.lzy.imagepicker.ImagePickerProvider
com.just.agentweb.AgentWebFileProvider

If grant-uri-permission is set to true, other programs can access the content provider's contents via a URI, which easily leads to information leakage.

References:
https://security.tencent.com/index.php/blog/msg/6

Warning

Detected 10 uses of encryption/decryption algorithms. Improper key handling may lead to information leakage.

Location: classes.dex
okio.HashingSource;->(Lokio.Source; Lokio.ByteString; Ljava.lang.String;)V
io.jsonwebtoken.impl.crypto.MacSigner;->(Lio.jsonwebtoken.SignatureAlgorithm; [B)V
io.jsonwebtoken.impl.DefaultJwtBuilder;->compact()Ljava.lang.String;
okio.ByteString;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;
okio.Buffer;->hmac(Ljava.lang.String; Lokio.ByteString;)Lokio.ByteString;
io.jsonwebtoken.impl.crypto.MacProvider;->generateKey(Lio.jsonwebtoken.SignatureAlgorithm; Ljava.security.SecureRandom;)Ljavax.crypto.SecretKey;
io.jsonwebtoken.SigningKeyResolverAdapter;->resolveSigningKey(Lio.jsonwebtoken.JwsHeader; Ljava.lang.String;)Ljava.security.Key;
io.jsonwebtoken.SigningKeyResolverAdapter;->resolveSigningKey(Lio.jsonwebtoken.JwsHeader; Lio.jsonwebtoken.Claims;)Ljava.security.Key;
okio.HashingSink;->(Lokio.Sink; Lokio.ByteString; Ljava.lang.String;)V
io.jsonwebtoken.impl.DefaultJwtParser;->parse(Ljava.lang.String;)Lio.jsonwebtoken.Jwt;

Reference cases:
http://www.wooyun.org/bugs/wooyun-2010-0105766
http://www.wooyun.org/bugs/wooyun-2015-0162907
http://www.wooyun.org/bugs/wooyun-2010-0187287

References:
http://drops.wooyun.org/tips/15870
https://developer.android.com/training/articles/keystore.html

Risk points found by dynamic scan

Risk level Risk name

Server-side analysis

Risk level Risk name

Warning

Detected ? XSS vulnerabilities.
In development...

Warning

Detected ? XSS cross-site vulnerabilities.
In development...

Application certificate