0

高危漏洞

5

中危漏洞

3

低危漏洞

5

警告

文件名 maya_homepage_v1.3.5_26f4700_2019-02-19_00-50-28.apk
上传者 zke1e
文件大小 63.751881599426MB
MD5 f4f1c9fb94ddfb60e3b96c68c85ed441
包名 my.maya.android
Main Activity com.android.maya.activity.SplashActivity
Min SDK 16
Target SDK 23

权限列表

# 名称 说明 提示
0 android.permission.READ_SMS 允许应用程序读取您的手机或SIM卡中存储的短信。恶意应用程序可借此读取您的机密信息。 警告
1 android.permission.ACCESS_COARSE_LOCATION 访问大概的位置源(例如蜂窝网络数据库)以确定手机的大概位置(如果可以)。恶意应用程序可借此确定您所处的大概位置。 注意
2 android.permission.ACCESS_FINE_LOCATION 访问精准的位置源,例如手机上的全球定位系统(如果有)。恶意应用程序可能会借此确定您所处的位置,并可能消耗额外的电池电量。 注意
3 android.permission.ACCESS_LOCATION_EXTRA_COMMANDS 访问额外的位置信息提供程序命令。恶意应用程序可借此干扰GPS或其他位置源的正常工作。 注意
4 android.permission.BLUETOOTH 允许应用程序查看本地蓝牙手机的配置,以及建立或接受与配对设备的连接。 注意
5 android.permission.GET_TASKS 允许应用程序检索有关当前和最近运行的任务的信息。恶意应用程序可借此发现有关其他应用程序的保密信息。 注意
6 android.permission.READ_CONTACTS 允许应用程序读取您手机上存储的所有联系人(地址)数据。恶意应用程序可借此将您的数据发送给其他人。 注意
7 android.permission.READ_PHONE_STATE 允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号,是否正在通话,以及对方的号码等。 注意
8 android.permission.RECEIVE_BOOT_COMPLETED 允许应用程序在系统完成启动后即自行启动。这样会延长手机的启动时间,而且如果应用程序一直运行,会降低手机的整体速度。 注意
9 android.permission.RECEIVE_SMS 允许应用程序接收和处理短信。恶意应用程序可借此监视您的信息,或者将信息删除而不向您显示。 注意
10 android.permission.RECORD_AUDIO 允许应用程序访问录音路径。 注意
11 android.permission.REORDER_TASKS 允许应用程序将任务移至前端和后台。恶意应用程序可借此强行进入前端,而不受您的控制。 注意
12 android.permission.WRITE_SETTINGS 允许应用程序修改系统设置方面的数据。恶意应用程序可借此破坏您的系统配置。 注意
13 android.permission.WRITE_SYNC_SETTINGS 允许应用程序修改同步设置,例如是否为\“联系人\”启用同步。 注意
14 android.permission.ACCESS_NETWORK_STATE 允许应用程序查看所有网络的状态。 提示
15 android.permission.ACCESS_WIFI_STATE 允许应用程序查看有关WLAN状态的信息。 提示
16 android.permission.AUTHENTICATE_ACCOUNTS 允许应用程序使用AccountManager的帐户身份验证程序功能,包括创建帐户以及获取和设置其密码。 提示
17 android.permission.CAMERA 允许应用程序使用相机拍照,这样应用程序可随时收集进入相机镜头的图像。 提示
18 android.permission.CHANGE_CONFIGURATION 允许应用程序更改当前配置,例如语言设置或整体的字体大小。 提示
19 android.permission.CHANGE_NETWORK_STATE 允许应用程序更改网络连接的状态。 提示
20 android.permission.CHANGE_WIFI_STATE 允许应用程序连接到WLAN接入点以及与WLAN接入点断开连接,并对配置的WLAN网络进行更改。 提示
21 android.permission.DISABLE_KEYGUARD 允许应用程序停用键锁和任何关联的密码安全设置。例如,在手机上接听电话时停用键锁,在通话结束后重新启用键锁。 提示
22 android.permission.GET_ACCOUNTS 允许应用程序获取手机已知的帐户列表。 提示
23 android.permission.INTERNET 允许程序访问网络. 提示
24 android.permission.MANAGE_ACCOUNTS 允许应用程序执行添加、删除帐户及删除其密码之类的操作。 提示
25 android.permission.MODIFY_AUDIO_SETTINGS 允许应用程序修改整个系统的音频设置,如音量和路由。 提示
26 android.permission.MOUNT_UNMOUNT_FILESYSTEMS 允许应用程序装载和卸载可移动存储器的文件系统。 提示
27 android.permission.READ_LOGS 允许应用程序从系统的各日志文件中读取信息。这样应用程序可以发现您的手机使用情况,但这些信息不应包含任何个人信息或保密信息。 提示
28 android.permission.READ_SYNC_SETTINGS 允许应用程序读取同步设置,例如是否为\“联系人\”启用同步。 提示
29 android.permission.RESTART_PACKAGES 允许程序自己重启或重启其他程序 提示
30 android.permission.USE_CREDENTIALS 允许应用程序请求身份验证标记。 提示
31 android.permission.VIBRATE 允许应用程序控制振动器。 提示
32 android.permission.WAKE_LOCK 允许应用程序防止手机进入休眠状态。 提示
33 android.permission.WRITE_EXTERNAL_STORAGE 允许应用程序写入SD卡。 提示

四大组件

组件名称

com.android.maya.activity.SplashActivity
com.android.maya.activity.MainActivity
com.android.maya.assembling.schema.AdsAppActivity
com.android.maya.assembling.schema.SingleTaskAdsAppActivity
com.ss.android.newmedia.feedback.FeedbackActivity
com.ss.android.newmedia.feedback.SubmitFeedbackActivity
com.ss.android.newmedia.activity.browser.BrowserActivity
com.ss.android.module.verify_applog.ApplogEventVerifyShowActivity
com.ss.android.module.verify_applog.AppLogVerifyTestKeyValueActivity
com.android.maya.scan.ScanActivity
com.android.maya.business.im.chat.ChatActivity
com.android.maya.business.im.preview.PreviewActivity
com.android.maya.business.moments.feed.MomentDetailActivity
com.android.maya.business.account.profile.moment.UserStoryActivity
com.android.maya.business.moments.story.detail.StoryDetailActivity
com.android.maya.business.moments.story.detail.DiscoveryStoryDetailActivity
com.android.maya.business.moments.story.detail.FriendStoryDetailActivity
com.android.maya.business.moments.message.MomentsMessageActivity
com.android.maya.business.moments.report.MomentReportActivity
com.android.maya.business.moments.newstory.viewer.ViewerDetailActivity
my.maya.android.bdopen.BdEntryActivity
com.android.maya.business.account.profile.UserProfileActivity
com.android.maya.business.account.invitation.InvitationCodeActivity
com.android.maya.business.friends.picker.friend.FriendPickerActivity
com.android.maya.business.record.moment.edit.ui.forward.ForwardContentActivity
com.android.maya.business.friends.picker.conversation.ConversationPickerActivity
com.android.maya.business.im.members.MemberListActivity
com.android.maya.business.record.moment.edit.ui.RecordMainActivity
com.android.maya.business.record.moment.edit.base.MayaMainEditContentActivity
com.android.maya.business.record.moment.edit.cut.VideoCutActivity
com.android.maya.business.moments.story.record.StoryReplyRecordActivity
com.android.maya.business.moments.story.record.ui.StoryReplyMediaPreviewActivity
com.android.maya.business.record.im.traditional.TraditionalVERecordActivity
com.android.maya.business.account.login.setting.InfoSettingActivity
com.android.maya.business.stranger.common.StrangerRecordActivity
com.android.maya.business.stranger.common.StrangerReviewActivity
com.android.maya.business.stranger.common.StrangerPlayActivity
com.android.maya.business.record.avatar.AvatarRecordActivity
com.android.maya.business.record.face.ScanFaceActivity
com.android.maya.business.record.game.ui.GameCameraActivity
com.android.maya.business.main.scan.ScanActivity
com.android.maya.base.im.base.DemoActivity
com.android.maya.base.im.chat.ChatRoomActivity
com.android.maya.base.im.conversation.ConversationListActivity
com.android.maya.base.im.group.MemberListActivity
com.android.maya.base.im.conversation.ConversationDetailActivity
com.android.maya.business.im.chatinfo.ChatInfoActivity
com.android.maya.business.im.chatinfo.GroupQrCodeActivity
com.android.maya.base.im.edit.EditMediaPreviewActivity
com.android.maya.base.im.edit.MayaIMEditContentActivity
com.android.maya.business.record.redpacket.SpringRecordActivity
com.android.maya.business.setting.BaseSettingActivity
com.android.maya.business.setting.DevelopActivity
com.android.maya.business.setting.logdisplay.ALogDisplayActivity
com.android.maya.business.setting.PluginListActivity
com.android.maya.business.setting.PicDecryptActivity
com.android.maya.business.setting.VideoPlayerDevActivity
com.android.maya.business.main.friend.AddFriendActivity
com.android.maya.business.main.friend.FriendRequestListActivity
com.android.maya.business.main.friend.AccountAddActivity
com.android.maya.business.stranger.setting.StrangerSettingActivity
com.android.maya.business.stranger.feed.StrangerActivity
com.android.maya.business.friends.ui.VideoPreviewActivity
com.android.maya.business.friends.ui.FriendRequestPageActivity
com.android.maya.business.stranger.chat.StrangerChatListActivity
com.android.maya.business.shoot.CropActivity
com.android.maya.business.shoot.ThumbPreviewActivity
com.android.maya.business.friends.ui.ContactsActivity
com.android.maya.business.account.setting.SettingActivity
com.android.maya.business.account.setting.UserPrivacySettingActivity
com.android.maya.business.account.paging.PagingUserListActivity
com.android.maya.business.search.SearchActivity
com.android.maya.business.record.moment.edit.ui.pick.PickSearchActivity
com.android.maya.business.account.complain.UserComplainActivity
com.android.maya.business.im.textinput.TextInputActivity
com.android.maya.base.im.preview.SingleMediaPreviewActivity
com.android.maya.business.im.awake.AwakeActivity
com.android.maya.business.im.awake.NotificationActivity
com.android.maya.business.main.MineQrCodeActivity
com.android.maya.business.bridge.MediaChooserBridgeActivity
com.android.maya.business.im.chat.StoryReplyVideoActivity
com.android.maya.business.im.at.AtSearch.AtMemberActivity
com.android.maya.business.tempbox.TempBoxChatListActivity
com.android.maya.business.qmoji.AvatarAnimateActivity
com.android.maya.business.qmoji.AvatarChooseGenderActivity
com.android.maya.business.qmoji.AvatarChooseItemActivity
com.android.maya.business.face2face.friends.Face2FaceActivity
com.android.maya.business.face2face.group.Face2FaceGroupActivity
com.android.maya.browser.MiscBrowserActivity
com.android.maya.redpacket.base.business.detail.activity.RedPacketDetailActivity
com.android.maya.redpacket.base.business.send.activity.RedPacketSendActivity
com.android.maya.redpacket.base.test.TestSendActivity
com.android.maya.redpacket.base.test.TestMaskActivity
com.android.maya.redpacket.base.test.TestRedpacketUIActivity
com.android.maya.redpacket.base.business.balance.UserBalanceActivity
com.ss.android.newmedia.feedback.FeedBackBrowserActivity
com.bytedance.mediachooser.MediaChooserActivity
com.bytedance.mediachooser.image.ImagePreviewActivity
com.bytedance.mediachooser.video.VideoPreviewActivity
com.maya.android.videoplay.VideoLivePlayActivity
my.maya.android.wttsharesdk.WttShareActivity
my.maya.android.wxapi.WXEntryActivity
com.tencent.tauth.AuthActivity
com.tencent.connect.common.AssistActivity
com.ss.android.download.SizeLimitActivity
com.ss.android.download.DownloadDeleteActivity
com.android.ttcjpaysdk.ttcjpayweb.TTCJPayH5Activity
com.android.ttcjpaysdk.ttcjpayactivity.TTCJPayCheckoutCounterActivity
com.android.ttcjpaysdk.ttcjpayactivity.TTCJPayTransActivity
com.ss.android.livedetector.activity.DecLiveActivity
com.bytedance.frameworks.plugin.core.PluginLoadIndicator
com.bytedance.frameworks.plugin.stub.ShortcutProxyActivity
com.bytedance.frameworks.plugin.stub.p0.StubTranslucentActivity
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity1
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity2
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity3
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity4
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity5
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity6
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity7
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity8
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity9
com.bytedance.frameworks.plugin.stub.p0.StubStandardActivity10
com.bytedance.frameworks.plugin.stub.p0.StubSingleTopActivity1
com.bytedance.frameworks.plugin.stub.p0.StubSingleTopActivity2
com.bytedance.frameworks.plugin.stub.p0.StubSingleTopActivity3
com.bytedance.frameworks.plugin.stub.p0.StubSingleTopActivity4
com.bytedance.frameworks.plugin.stub.p0.StubSingleTopActivity5
com.bytedance.frameworks.plugin.stub.p0.StubSingleTaskActivity1
com.bytedance.frameworks.plugin.stub.p0.StubSingleTaskActivity2
com.bytedance.frameworks.plugin.stub.p0.StubSingleTaskActivity3
com.bytedance.frameworks.plugin.stub.p0.StubSingleTaskActivity4
com.bytedance.frameworks.plugin.stub.p0.StubSingleTaskActivity5
com.bytedance.frameworks.plugin.stub.p0.StubSingleInstanceActivity1
com.bytedance.frameworks.plugin.stub.p0.StubSingleInstanceActivity2
com.bytedance.frameworks.plugin.stub.p0.StubSingleInstanceActivity3
com.bytedance.frameworks.plugin.stub.p0.StubSingleInstanceActivity4
com.bytedance.frameworks.plugin.stub.p0.StubSingleInstanceActivity5
com.bytedance.frameworks.plugin.stub.p1.StubTranslucentActivity
com.bytedance.frameworks.plugin.stub.p1.StubStandardActivity1
com.bytedance.frameworks.plugin.stub.p1.StubStandardActivity2
com.bytedance.frameworks.plugin.stub.p1.StubStandardActivity3
com.bytedance.frameworks.plugin.stub.p1.StubStandardActivity4
com.bytedance.frameworks.plugin.stub.p1.StubStandardActivity5
com.bytedance.frameworks.plugin.stub.p1.StubSingleTopActivity1
com.bytedance.frameworks.plugin.stub.p1.StubSingleTopActivity2
com.bytedance.frameworks.plugin.stub.p1.StubSingleTopActivity3
com.bytedance.frameworks.plugin.stub.p1.StubSingleTopActivity4
com.bytedance.frameworks.plugin.stub.p1.StubSingleTopActivity5
com.bytedance.frameworks.plugin.stub.p1.StubSingleTaskActivity1
com.bytedance.frameworks.plugin.stub.p1.StubSingleTaskActivity2
com.bytedance.frameworks.plugin.stub.p1.StubSingleTaskActivity3
com.bytedance.frameworks.plugin.stub.p1.StubSingleTaskActivity4
com.bytedance.frameworks.plugin.stub.p1.StubSingleTaskActivity5
com.bytedance.frameworks.plugin.stub.p1.StubSingleInstanceActivity1
com.bytedance.frameworks.plugin.stub.p1.StubSingleInstanceActivity2
com.bytedance.frameworks.plugin.stub.p1.StubSingleInstanceActivity3
com.bytedance.frameworks.plugin.stub.p1.StubSingleInstanceActivity4
com.bytedance.frameworks.plugin.stub.p1.StubSingleInstanceActivity5
com.bytedance.frameworks.plugin.stub.p2.StubTranslucentActivity
com.bytedance.frameworks.plugin.stub.p2.StubStandardActivity1
com.bytedance.frameworks.plugin.stub.p2.StubStandardActivity2
com.bytedance.frameworks.plugin.stub.p2.StubStandardActivity3
com.bytedance.frameworks.plugin.stub.p2.StubStandardActivity4
com.bytedance.frameworks.plugin.stub.p2.StubSingleTopActivity1
com.bytedance.frameworks.plugin.stub.p2.StubSingleTopActivity2
com.bytedance.frameworks.plugin.stub.p2.StubSingleTopActivity3
com.bytedance.frameworks.plugin.stub.p2.StubSingleTopActivity4
com.bytedance.frameworks.plugin.stub.p2.StubSingleTopActivity5
com.bytedance.frameworks.plugin.stub.p2.StubSingleTaskActivity1
com.bytedance.frameworks.plugin.stub.p2.StubSingleTaskActivity2
com.bytedance.frameworks.plugin.stub.p2.StubSingleTaskActivity3
com.bytedance.frameworks.plugin.stub.p2.StubSingleTaskActivity4
com.bytedance.frameworks.plugin.stub.p2.StubSingleTaskActivity5
com.bytedance.frameworks.plugin.stub.p2.StubSingleInstanceActivity1
com.bytedance.frameworks.plugin.stub.p2.StubSingleInstanceActivity2
com.bytedance.frameworks.plugin.stub.p2.StubSingleInstanceActivity3
com.bytedance.frameworks.plugin.stub.p2.StubSingleInstanceActivity4
com.bytedance.frameworks.plugin.stub.p2.StubSingleInstanceActivity5
com.huawei.android.pushagent.permission.PermissionsMgrActivity
com.vivo.push.sdk.LinkProxyClientActivity
com.xiaomi.PermissionActivity
com.ss.android.message.sswo.SswoActivity
com.google.android.gms.common.api.GoogleApiActivity
com.bdcaijing.tfccsdk.TfccWeb.TfccH5Activity
com.ss.android.socialbase.appdownloader.view.DownloadSizeLimitActivity
com.ss.android.socialbase.appdownloader.view.DownloadTaskDeleteActivity
com.bytedance.sdk.account.open.aweme.impl.TTWebAuthorizeActivity
com.sina.weibo.sdk.web.WeiboSdkWebActivity
com.sina.weibo.sdk.share.WbShareTransActivity
com.sina.weibo.sdk.share.WbShareToStoryActivity
com.alipay.sdk.app.H5PayActivity

com.bytedance.ttnet.hostmonitor.HostMonitor
com.android.maya.accountmanager.AccountSyncService
com.android.maya.accountmanager.AuthenticatorService
com.android.maya.assembling.push.message.MessageHandler
com.ss.android.http.OpenUrlService
com.amap.api.location.APSService
com.android.maya.assembling.push.message.window.AlarmManagerScheduleService
com.ss.android.websocket.internal.WebSocketService
com.ss.android.download.DownloadService
com.ss.android.download.DownloadHandlerService
com.bytedance.crash.upload.CrashUploadService
com.bytedance.common.wschannel.server.WsChannelService
com.bytedance.common.wschannel.client.WsClientService
com.bytedance.frameworks.plugin.am.KeepAlive
com.bytedance.frameworks.plugin.am.KeepAlive$InnerService
com.bytedance.frameworks.plugin.stub.p0.StubService1
com.bytedance.frameworks.plugin.stub.p0.StubService2
com.bytedance.frameworks.plugin.stub.p0.StubService3
com.bytedance.frameworks.plugin.stub.p0.StubService4
com.bytedance.frameworks.plugin.stub.p0.StubService5
com.bytedance.frameworks.plugin.stub.p0.StubService6
com.bytedance.frameworks.plugin.stub.p0.StubService7
com.bytedance.frameworks.plugin.stub.p0.StubService8
com.bytedance.frameworks.plugin.stub.p1.StubService1
com.bytedance.frameworks.plugin.stub.p1.StubService2
com.bytedance.frameworks.plugin.stub.p1.StubService3
com.bytedance.frameworks.plugin.stub.p1.StubService4
com.bytedance.frameworks.plugin.stub.p1.StubService5
com.bytedance.frameworks.plugin.stub.p2.StubService1
com.bytedance.frameworks.plugin.stub.p2.StubService2
com.bytedance.frameworks.plugin.stub.p2.StubService3
com.bytedance.frameworks.plugin.stub.p2.StubService4
com.bytedance.frameworks.plugin.stub.p2.StubService5
com.taobao.accs.ChannelService
com.taobao.accs.data.MsgDistributeService
com.taobao.accs.internal.AccsJobService
com.taobao.accs.ChannelService$KernelService
org.android.agoo.accs.AgooService
com.umeng.message.UmengIntentService
com.umeng.message.XiaomiIntentService
com.umeng.message.UmengMessageIntentReceiverService
com.umeng.message.UmengMessageCallbackHandlerService
com.umeng.UmengMessageHandler
com.umeng.message.UmengDownloadResourceService
com.alibaba.sdk.android.push.AliyunPushIntentService
com.alibaba.sdk.android.push.CloudPushIntentService
com.alibaba.sdk.android.push.PushIntentService
com.alibaba.sdk.android.push.MsgService
com.alibaba.sdk.android.push.channel.TaobaoRecvService
com.huawei.android.pushagent.PushService
com.meizu.cloud.pushsdk.NotificationService
com.vivo.push.sdk.service.CommandClientService
com.xiaomi.push.service.XMPushService
com.xiaomi.push.service.XMJobService
com.xiaomi.mipush.sdk.PushMessageHandler
com.xiaomi.mipush.sdk.MessageHandleService
com.coloros.mcssdk.PushService
com.ss.android.message.NotifyService
com.ss.android.message.NotifyIntentService
com.ss.android.message.PushJobService
com.ss.android.message.log.LogService
com.ss.android.push.daemon.PushService
com.baidu.android.pushservice.CommandService
com.igexin.sdk.PushService
com.ss.android.push.DefaultService
com.ss.android.newmedia.redbadge.RedbadgeHandler
com.ss.android.socialbase.appdownloader.DownloadHandlerService
com.ss.android.socialbase.downloader.notification.DownloadNotificationService
com.ss.android.socialbase.downloader.downloader.DownloadService
com.ss.android.socialbase.downloader.downloader.IndependentProcessDownloadService
com.ss.android.socialbase.downloader.impls.DownloadHandleService

com.android.maya.assembling.download.common.DownloadCompleteReceiver
com.bytedance.ttnet.hostmonitor.ConnectivityReceiver
com.taobao.agoo.AgooCommondReceiver
com.meizu.message.MzMessageReceiver
com.android.maya.assembling.push.message.window.ScreenReceiver
com.android.maya.assembling.push.window.oppo.ScreenReceiver
com.ss.android.download.DownloadReceiver
com.ss.android.article.base.feature.plugin.PluginReportReceiver
com.bytedance.frameworks.plugin.receiver.MiraErrorLogReceiver
com.taobao.accs.EventReceiver
com.taobao.accs.ServiceReceiver
com.umeng.message.NotificationProxyBroadcastReceiver
com.alibaba.sdk.android.push.SystemEventReceiver
com.aliyun.AliyunMessageReceiver
com.huawei.push.service.receivers.HWPushMessageHandler
com.huawei.android.pushagent.PushEventReceiver
com.huawei.android.pushagent.PushBootReceiver
com.meizu.cloud.pushsdk.SystemReceiver
com.vivo.VivoPushMessageReceiver
com.xiaomi.push.service.receivers.NetworkStatusReceiver
com.xiaomi.push.service.receivers.PingReceiver
com.xiaomi.push.service.receivers.MIPushMessageHandler
com.ss.android.message.MessageReceiver
com.ss.android.push.daemon.PushReceiver
com.baidu.android.pushservice.RegistrationReceiver
com.igexin.sdk.PushReceiver
com.ss.android.push.DefaultReceiver
com.ss.android.message.sswo.SswoReceiver

com.android.maya.accountmanager.AccountProvider
com.ss.android.common.util.MultiProcessSharedProvider
com.igexin.download.DownloadProvider
com.ss.android.pushmanager.setting.PushMultiProcessSharedProvider
com.umeng.message.provider.MessageProvider
com.bytedance.common.plugin.interfaces.pushmanager.WakeupProvider
com.ss.android.livedetector.provider.DecFileProvider
com.bytedance.common.wschannel.WsChannelMultiProcessSharedProvider
com.bytedance.frameworks.plugin.pm.PluginPackageManagerProvider
com.bytedance.frameworks.plugin.am.PluginActivityManagerProvider
com.bytedance.frameworks.plugin.stub.p0.StubContentProvider
com.bytedance.frameworks.plugin.stub.p1.StubContentProvider
com.bytedance.frameworks.plugin.stub.p2.StubContentProvider
com.ss.android.partner.WakeupProvider
android.arch.lifecycle.ProcessLifecycleOwnerInitializer
com.bytedance.frameworks.core.monitor.MonitorContentProvider

第三方库

# 库名 介绍
0 com.alibaba.fastjson Fast JSON Processor https://github.com/alibaba/fastjson/wiki
1 org.apache.thrift Apache Thrift 是 Facebook 实现的一种高效的、支持多种编程语言的远程服务调用的框架。
2 com.facebook.cache.common An image management library by FaceBook.
3 okhttp3 An HTTP+SPDY client for Android and Java applications.
4 com.alipay.sdk 支付宝移动支付功能
5 com.huawei.android.pushagent 华为推送
6 com.umeng.message 将APP的内容更新或者活动通知主动推送给终端用户,让用户第一时间获取到相关信息,有效提升用户活跃度和忠诚度。
7 com.facebook.imagepipeline An image management library by FaceBook.
8 com.sina.weibo 新浪微博开放平台(Weibo Open Platform)是基于新浪微博海量用户和强大的传播能力,接入第三方合作伙伴服务,向用户提供丰富应用和完善服务的开放平台。将你的服务接入微博平台,有助于推广产品,增加网站/应用的流量、拓展新用户,获得收益。
9 com.xiaomi.mipush.sdk 小米推送(MiPush)是小米公司为开发者提供的消息推送服务,通过在云端和客户端之间建立一条稳定、可靠的长连接,为开发者提供向客户端应用推送实时消息的服务,帮助开发者有效地拉动用户活跃。
10 android.support.transition A backport of the new Transitions API for Android.
11 com.igexin 通过个推的技术,APP可主动向用户推送新闻动态、版本更新、优惠活动、生活服务等各类信息,并通过多维度用户群组分析进行智能匹配,给合适的人群合适的场景推送合适的内容,大幅度提升消息点击率、用户活跃度和留存率
12 pl.droidsonroids.gif Views and Drawable for displaying animated GIFs on Android
13 org.msgpack MessagePack is an extremely efficient object serialization library. It's like JSON, but very fast and small.
14 com.baidu.android.pushservice 百度云推送(Push)是一站式APP信息推送平台,为企业和开发者提供免费的消息推送服务,开发者可以通过云推送向用户精准推送通知和自定义消息以提升用户留存率和活跃度。
15 android.support.multidex DEPRECATED
16 com.handmark.pulltorefresh DEPRECATED
17 com.google.gson A Java serialization library that can convert Java Objects into JSON and back.
18 com.amap.api 高德LBS开放平台将高德最专业的定位、地图、搜索、导航等能力,以API、SDK等形式向广大开发者免费开放
19 com.umeng.analytics 友盟统计分析平台是国内最大的移动应用统计分析平台。
20 org.apache.thrift Apache Thrift 是 Facebook 实现的一种高效的、支持多种编程语言的远程服务调用的框架。
21 com.umeng.analytics.game 友盟游戏统计分析为移动游戏开发者提供了开箱即用的一站式解决方案。
22 com.tencent.connect 腾讯开放平台
23 pl.droidsonroids.gif Views and Drawable for displaying animated GIFs on Android
24 okhttp3 An HTTP+SPDY client for Android and Java applications.
25 org.msgpack MessagePack is an extremely efficient object serialization library. It's like JSON, but very fast and small.
26 org.apache.harmony Apache Harmony software is a modular Java runtime with class libraries and associated tools.
27 com.umeng.message 将APP的内容更新或者活动通知主动推送给终端用户,让用户第一时间获取到相关信息,有效提升用户活跃度和忠诚度。
28 com.tencent.tauth 腾讯QQ互联平台为广大开发者整理了SDK列表,辅助开发者快速接入QQ登录、分享等功能。QQ互联是腾讯旗下的开放平台,通过QQ互联,网站主和开发者可以申请接入QQ登录、用户可以使用QQ账号登录接入的站点,通过添加分享和赞组件,将站点内容分享到QQ空间和朋友网,通过获取API授权,网站主还可以将用户操作同步到QQ空间和朋友网。
29 in.srain.cube.views.ptr Ultra Pull to Refresh for Android. Support all the views.
30 com.xiaomi.mipush.sdk 小米推送(MiPush)是小米公司为开发者提供的消息推送服务,通过在云端和客户端之间建立一条稳定、可靠的长连接,为开发者提供向客户端应用推送实时消息的服务,帮助开发者有效地拉动用户活跃。
31 org.json 根据Gson库使用的要求,将JSONObject格式的String 解析成实体
32 com.google.android.gms.maps 谷歌地图是 Google 公司提供的电子地图服务,包括局部详细的卫星照片。此款服务可以提供含有政区和交通以及商业信息的矢量地图、不同分辨率的卫星照片和可以用来显示地形和等高线地形视图。在各类平台均有应用,操作简单方便。
33 com.handmark.pulltorefresh DEPRECATED
34 com.google.protobuf Protocol Buffers - Google's data interchange format https://developers.google.com/protocol-buffers/
35 com.facebook.cache.common An image management library by FaceBook.
36 com.facebook.device.yearclass A library that analyzes an Android device's specifications and calculates which year the device would be considered "high end”.
37 com.huawei.android.pushagent 华为推送
38 com.google.zxing Official ZXing ("Zebra Crossing") project home
39 com.google.gson A Java serialization library that can convert Java Objects into JSON and back.
40 com.facebook.imagepipeline An image management library by FaceBook.
41 com.sina.weibo 新浪微博开放平台(Weibo Open Platform)是基于新浪微博海量用户和强大的传播能力,接入第三方合作伙伴服务,向用户提供丰富应用和完善服务的开放平台。将你的服务接入微博平台,有助于推广产品,增加网站/应用的流量、拓展新用户,获得收益。

静态扫描发现风险点

风险等级 风险名称

中危

检测到当前标志被设置成true或没设置,这会导致adb调试备份允许恶意攻击者复制应用程序数据,造成数据泄露。

中危

检测到3处证书弱校验漏洞。

位置: classes.dex
anet.channel.util.b$b$a;

位置: classes4.dex
com.ss.sys.ces.d.a$b;
com.ss.sys.secuni.c.b;

当移动App客户端使用https或ssl/tls进行通信时,如果不校验证书的可信性,将存在中间人攻击漏洞,可导致信息泄露,传输数据被篡改,甚至通过中间人劫持将原有信息替换成恶意链接或恶意代码程序,以达到远程控制等攻击意图。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考案例:
www.wooyun.org/bugs/wooyun-2014-079358

参考资料:
http://drops.wooyun.org/tips/3296
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/
https://jaq.alibaba.com/blog.htm?id=60

中危

检测到4个未移除的敏感Test或Debug组件

com.ss.android.module.verify_applog.AppLogVerifyTestKeyValueActivity
com.android.maya.redpacket.base.test.TestSendActivity
com.android.maya.redpacket.base.test.TestMaskActivity
com.android.maya.redpacket.base.test.TestRedpacketUIActivity

建议:
在正式发布app前移除敏感的Test或Debug组件

中危

检测到5个WebView远程执行漏洞。

位置: classes2.dex
com.bytedance.sdk.bridge.js.webview.BDWebView;->a()V
com.bytedance.sdk.bridge.js.delegate.a;->a(Landroid.webkit.WebView; Landroid.webkit.WebViewClient;)V

位置: classes3.dex
com.loc.cu;->a()V
com.huawei.android.pushselfshow.richpush.html.HtmlViewer;->enableJavaJS(Ljava.lang.String;)V
com.huawei.android.pushselfshow.richpush.html.HtmlViewer;->enableJavaJS(Ljava.lang.String;)V

Android API < 17之前版本存在远程代码执行安全漏洞,该漏洞源于程序没有正确限制使用addJavaScriptInterface方法,攻击者可以通过Java反射利用该漏洞执行任意Java对象的方法,导致远程代码执行安全漏洞。
(1)API等于高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252
http://drops.wooyun.org/papers/548

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis
https://developer.android.com/reference/android/webkit/WebView.html

中危

检测到15处setSavePassword密码明文存储漏洞。

位置: classes.dex
com.android.ttcjpaysdk.ttcjpayweb.TTCJPayWebView;
com.android.maya.utils.u;
com.android.maya.a.d;
com.android.maya.browser.a;
com.android.maya.browser.d;

位置: classes2.dex
com.bdcaijing.tfccsdk.TfccWeb.view.TfccWebView;
com.bytedance.common.b.b$a;
com.bytedance.common.b.f$b;
com.android.ttcjpaysdk.ttcjpayweb.f;
com.bytedance.sdk.account.bdopen.impl.d;
com.bytedance.sdk.bridge.js.webview.BDWebView;
com.bytedance.common.b.c$b;

位置: classes3.dex
com.loc.cu;

位置: classes4.dex
com.ss.android.newmedia.b.a;
com.ss.sys.ck.SCWebView;

webview的保存密码功能默认设置为true。Webview会明文保存网站上的密码到本地私有文件”databases/webview.db”中。对于可以被root的系统环境或者配合其他漏洞(如webview的同源绕过漏洞),攻击者可以获取到用户密码。
建议:显示设置webView.getSetting().setSavePassword(false)。

参考案例:
www.wooyun.org/bugs/wooyun-2010-021420
www.wooyun.org/bugs/wooyun-2013-020246

参考资料:
http://wolfeye.baidu.com/blog/
www.claudxiao.net/2013/03/android-webview-cache/

低危

检测9处Intent Scheme URI漏洞。

位置: classes.dex
Lcom/android/maya/assembling/push/message/lockscreen/LockScreenNotificationActivity;->a(Landroid/content/Intent;)V
Lcom/xiaomi/mipush/sdk/ah;->a(Landroid/content/Context; Ljava/lang/String; Ljava/util/Map;)Landroid/content/Intent;
Lcom/xiaomi/push/service/ah;->b(Landroid/content/Context; Ljava/lang/String; I Ljava/util/Map;)Landroid/content/Intent;

位置: classes5.dex
Lcom/vivo/push/c/s;->a(Lcom/vivo/push/v;)V

位置: classes2.dex
Lcom/bytedance/frameworks/plugin/stub/ShortcutProxyActivity;->a()Landroid/content/Intent;
Lcom/android/ttcjpaysdk/ttcjpaythirdpartypayment/TTCJWXPayEntryActivity;->a(Lcom/tencent/mm/opensdk/modelbase/BaseResp;)V

位置: classes3.dex
Lcom/huawei/android/pushselfshow/a/a;->f()V
Lcom/huawei/android/pushselfshow/c/d;->b(Landroid/content/Context; Lcom/huawei/android/pushselfshow/b/a;)Landroid/content/Intent;
Lcom/huawei/android/pushselfshow/richpush/html/a/d;->a(Ljava/lang/String; Ljava/lang/String; Z)V


Intent Scheme URI是一种特殊的URL格式,用来通过Web页面启动已安装应用的Activity组件,大多数主流浏览器都支持此功能。如果在app中,没有检查获取到的load_url的值,攻击者可以构造钓鱼网站,诱导用户点击加载,就可以盗取用户信息。所以,对Intent URI的处理不当时,就会导致基于Intent的攻击。建议:
如果使用了Intent.parseUri函数,获取的intent必须严格过滤,intent至少包含addCategory(“android.intent.category.BROWSABLE”),setComponent(null),setSelector(null)3个策略。

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://drops.wooyun.org/papers/2893
http://drops.wooyun.org/mobile/15202

低危

检测到5处主机名弱校验检测漏洞。

位置: classes.dex
anet.channel.util.b$a;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

位置: classes5.dex
com.umeng.message.util.HttpRequest$1;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

位置: classes4.dex
com.sina.weibo.sdk.net.b$a;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z
com.ss.sys.ces.d.a$a;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z
com.ss.sys.secuni.c.a;->verify(Ljava.lang.String; Ljavax.net.ssl.SSLSession;)Z

自定义HostnameVerifier类,却不实现其verify方法验证域名直接返回true,直接接受任意域名。建议:
对SSL证书进行强校验,包括签名CA是否合法、证书是否是自签名、主机域名是否匹配、证书是否过期等。

参考资料:
http://drops.wooyun.org/tips/3296
https://www.91ri.org/12534.html

低危

检测到1处地方在自定义实现的WebViewClient类在onReceivedSslError调用proceed()方法。

位置: classes.dex
com.alipay.sdk.auth.AuthActivity$b;->onReceivedSslError(Landroid.webkit.WebView; Landroid.webkit.SslErrorHandler; Landroid.net.http.SslError;)V

Android WebView组件加载网页发生证书认证错误时,会调用WebViewClient类的onReceivedSslError方法,如果该方法实现调用了handler.proceed()来忽略该证书错误,则会受到中间人攻击的威胁,可能导致隐私泄露。建议:
当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面当发生证书认证错误时,采用默认的处理方法handler.cancel(),停止加载问题页面。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0109266

参考资料:
https://jaq.alibaba.com/blog.htm?id=60
http://wolfeye.baidu.com/blog/webview-ignore-ssl-error/

警告

检测到65个导出的组件接收其他app的消息,这些组件会被其他app引用并导致dos攻击。

activity com.android.maya.assembling.schema.AdsAppActivity
activity com.android.maya.assembling.schema.SingleTaskAdsAppActivity
activity my.maya.android.bdopen.BdEntryActivity
activity my.maya.android.wttsharesdk.WttShareActivity
activity my.maya.android.wxapi.WXEntryActivity
activity com.tencent.tauth.AuthActivity
activity com.bytedance.frameworks.plugin.stub.ShortcutProxyActivity
activity com.vivo.push.sdk.LinkProxyClientActivity
activity com.sina.weibo.sdk.share.WbShareTransActivity
activity com.sina.weibo.sdk.share.WbShareToStoryActivity
service com.android.maya.accountmanager.AccountSyncService
service com.android.maya.accountmanager.AuthenticatorService
service com.android.maya.assembling.push.message.MessageHandler
service com.ss.android.http.OpenUrlService
service com.bytedance.common.wschannel.server.WsChannelService
service com.bytedance.common.wschannel.client.WsClientService
service com.bytedance.frameworks.plugin.stub.p1.StubService1
service com.bytedance.frameworks.plugin.stub.p1.StubService2
service com.bytedance.frameworks.plugin.stub.p1.StubService3
service com.bytedance.frameworks.plugin.stub.p1.StubService4
service com.bytedance.frameworks.plugin.stub.p1.StubService5
service com.bytedance.frameworks.plugin.stub.p2.StubService1
service com.bytedance.frameworks.plugin.stub.p2.StubService2
service com.bytedance.frameworks.plugin.stub.p2.StubService3
service com.bytedance.frameworks.plugin.stub.p2.StubService4
service com.bytedance.frameworks.plugin.stub.p2.StubService5
service com.taobao.accs.ChannelService
service com.taobao.accs.data.MsgDistributeService
service org.android.agoo.accs.AgooService
service com.umeng.message.UmengIntentService
service com.umeng.message.XiaomiIntentService
service com.umeng.message.UmengMessageIntentReceiverService
service com.alibaba.sdk.android.push.AliyunPushIntentService
service com.alibaba.sdk.android.push.PushIntentService
service com.alibaba.sdk.android.push.channel.TaobaoRecvService
service com.meizu.cloud.pushsdk.NotificationService
service com.vivo.push.sdk.service.CommandClientService
service com.xiaomi.mipush.sdk.PushMessageHandler
service com.ss.android.message.NotifyService
service com.ss.android.message.log.LogService
service com.baidu.android.pushservice.CommandService
service com.igexin.sdk.PushService
service com.ss.android.newmedia.redbadge.RedbadgeHandler
service com.ss.android.socialbase.downloader.downloader.IndependentProcessDownloadService
receiver com.android.maya.assembling.download.common.DownloadCompleteReceiver
receiver com.bytedance.ttnet.hostmonitor.ConnectivityReceiver
receiver com.taobao.agoo.AgooCommondReceiver
receiver com.meizu.message.MzMessageReceiver
receiver com.android.maya.assembling.push.message.window.ScreenReceiver
receiver com.android.maya.assembling.push.window.oppo.ScreenReceiver
receiver com.ss.android.download.DownloadReceiver
receiver com.bytedance.frameworks.plugin.receiver.MiraErrorLogReceiver
receiver com.taobao.accs.EventReceiver
receiver com.taobao.accs.ServiceReceiver
receiver com.aliyun.AliyunMessageReceiver
receiver com.huawei.push.service.receivers.HWPushMessageHandler
receiver com.huawei.android.pushagent.PushEventReceiver
receiver com.huawei.android.pushagent.PushBootReceiver
receiver com.vivo.VivoPushMessageReceiver
receiver com.xiaomi.push.service.receivers.NetworkStatusReceiver
receiver com.xiaomi.push.service.receivers.MIPushMessageHandler
receiver com.ss.android.message.MessageReceiver
receiver com.baidu.android.pushservice.RegistrationReceiver
receiver com.igexin.sdk.PushReceiver
receiver com.ss.android.message.sswo.SswoReceiver

建议:
(1)最小化组件暴露。对不会参与跨应用调用的组件建议显示添加android:exported="false"属性。
(2)设置组件访问权限。对provider设置权限,同时将权限的protectionLevel设置为"signature"或"signatureOrSystem"。
(3)组件传输数据验证。对组件之间,特别是跨应用的组件之间的数据传入与返回做验证和增加异常处理,防止恶意调试数据传入,更要防止敏感数据返回。

参考案例:
http://www.wooyun.org/bugs/wooyun-2010-0169746
http://www.wooyun.org/bugs/wooyun-2010-0104965

参考资料:
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.Wz4OeC&id=55
《Android安全技术解密与防范》

警告

检测到24个导出的隐式Service组件。
service com.android.maya.accountmanager.AccountSyncService
service com.android.maya.accountmanager.AuthenticatorService
service com.android.maya.assembling.push.message.MessageHandler
service com.ss.android.http.OpenUrlService
service com.bytedance.frameworks.plugin.stub.p1.StubService1
service com.bytedance.frameworks.plugin.stub.p1.StubService2
service com.bytedance.frameworks.plugin.stub.p1.StubService3
service com.bytedance.frameworks.plugin.stub.p1.StubService4
service com.bytedance.frameworks.plugin.stub.p1.StubService5
service com.bytedance.frameworks.plugin.stub.p2.StubService1
service com.bytedance.frameworks.plugin.stub.p2.StubService2
service com.bytedance.frameworks.plugin.stub.p2.StubService3
service com.bytedance.frameworks.plugin.stub.p2.StubService4
service com.bytedance.frameworks.plugin.stub.p2.StubService5
service com.taobao.accs.ChannelService
service com.taobao.accs.data.MsgDistributeService
service org.android.agoo.accs.AgooService
service com.umeng.message.UmengIntentService
service com.umeng.message.XiaomiIntentService
service com.umeng.message.UmengMessageIntentReceiverService
service com.ss.android.message.NotifyService
service com.igexin.sdk.PushService
service com.ss.android.newmedia.redbadge.RedbadgeHandler
service com.ss.android.socialbase.downloader.downloader.IndependentProcessDownloadService

建议:为了确保应用的安全性,启动Service时,请始终使用显式Intent,且不要为服务声明Intent过滤器。使用隐式Intent启动服务存在安全隐患,因为您无法确定哪些服务将响应Intent,且用户无法看到哪些服务已启动。从Android 5.0(API 级别 21)开始,如果使用隐式 Intent 调用 bindService(),系统会抛出异常。

参考资料:
https://developer.android.com/guide/components/intents-filters.html#Types

警告

检测2处組件設置了android.intent.category.BROWSABLE属性。
com.android.maya.assembling.schema.AdsAppActivity
com.tencent.tauth.AuthActivity


在AndroidManifest文件中定义了android.intent.category.BROWSABLE属性的组件,可以通过浏览器唤起,这会导致远程命令执行漏洞攻击。建议:
(1)APP中任何接收外部输入数据的地方都是潜在的攻击点,过滤检查来自网页的参数。
(2)不要通过网页传输敏感信息,有的网站为了引导已经登录的用户到APP上使用,会使用脚本动态的生成URL Scheme的参数,其中包括了用户名、密码或者登录态token等敏感信息,让用户打开APP直接就登录了。恶意应用也可以注册相同的URL Sechme来截取这些敏感信息。Android系统会让用户选择使用哪个应用打开链接,但是如果用户不注意,就会使用恶意应用打开,导致敏感信息泄露或者其他风险。

參考案例:
http://www.wooyun.org/bugs/wooyun-2014-073875
http://www.wooyun.org/bugs/wooyun-2014-067798

参考资料:
http://wolfeye.baidu.com/blog/intent-scheme-url/
http://www.jssec.org/dl/android_securecoding_en.pdf
http://drops.wooyun.org/mobile/15202
http://blog.csdn.net/l173864930/article/details/36951805
http://drops.wooyun.org/papers/2893

警告

检测到12潜在的XSS漏洞。

位置: classes.dex
com.alipay.sdk.auth.AuthActivity;->onCreate(Landroid.os.Bundle;)V
com.alipay.sdk.util.k;->a(Landroid.app.Activity; Ljava.lang.String; Ljava.lang.String;)Landroid.webkit.WebView;
com.android.ttcjpaysdk.ttcjpayweb.TTCJPayWebView;->a(Landroid.content.Context;)V
com.android.maya.browser.a;->a(Landroid.view.View;)Lcom.bytedance.sdk.bridge.js.webview.BDWebView;

位置: classes5.dex
com.tencent.open.a;->b()V

位置: classes2.dex
com.bytedance.sdk.account.bdopen.impl.d;->a(Landroid.content.Context;)V
com.bytedance.sdk.bridge.js.webview.BDWebView;->a()V
com.bdcaijing.tfccsdk.TfccWeb.view.TfccWebView;->a(Landroid.content.Context;)V

位置: classes3.dex
com.loc.cu;->a()V
com.huawei.android.pushselfshow.richpush.html.HtmlViewer;->a()V

位置: classes4.dex
com.ss.sys.ck.SCWebView;->a()V
com.sina.weibo.sdk.web.WeiboSdkWebActivity;->d()V

允许WebView执行JavaScript(setJavaScriptEnabled),有可能导致XSS攻击。建议尽量避免使用。
(1)API等于高高于17的Android系统。出于安全考虑,为了防止Java层的函数被随意调用,Google在4.2版本之后,规定允许被调用的函数必须以@JavascriptInterface进行注解。
(2)API等于高高于17的Android系统。建议不要使用addJavascriptInterface接口,以免带来不必要的安全隐患,如果一定要使用该接口,建议使用证书校验。
u(3)使用removeJavascriptInterface移除Android系统内部的默认内置接口:searchBoxJavaBridge_、accessibility、accessibilityTraversal。

参考案例:
www.wooyun.org/bugs/wooyun-2015-0140708
www.wooyun.org/bugs/wooyun-2016-0188252

参考资料:
http://jaq.alibaba.com/blog.htm?id=48
http://blog.nsfocus.net/android-webview-remote-code-execution-vulnerability-analysis

警告

检测到1处provider的grantUriPermissions设置为true。
com.ss.android.livedetector.provider.DecFileProvider


grant-uri-permission若设置为true,可被其它程序员通过uri访问到content provider的内容,容易造成信息泄露。

参考资料:
https://security.tencent.com/index.php/blog/msg/6


动态扫描发现风险点

风险等级 风险名称

服务端分析

风险等级 风险名称

警告

检测到?处XSS漏洞。
开发中...

警告

检测到?处XSS跨站漏洞。
开发中...

应用证书