GitBook: [master] 418 pages modified
This commit is contained in:
parent
7cc246de93
commit
ba709d2558
@ -441,7 +441,16 @@ _Note that you can **omit the package name** and the mobile will automatically c
|
||||
<a href="intent://hostname#Intent;scheme=scheme;package=your.package.name;S.browser_fallback_url=http%3A%2F%2Fwww.example.com;end">with alternative</a>
|
||||
```
|
||||
|
||||
Every time you find a deep link check that i**t's not receiving sensitive data \(like passwords\) via URL parameters**, because any other application could **impersonate the deep link and steal that data!**
|
||||
#### Sensitive info
|
||||
|
||||
Every time you find a deep link check that i**t's not receiving sensitive data \(like passwords\) via URL parameters**, because any other application could **impersonate the deep link and steal that data!**
|
||||
|
||||
#### Parameters in path
|
||||
|
||||
You **must check also if any deep link is using a parameter inside the path** of the URL like: `https://api.example.com/v1/users/{username}` , in that case you can force a path traversal accessing something like: `example://app/users?username=../../unwanted-endpoint%3fparam=value` .
|
||||
Note that if you find the correct endpoints inside the application you may be able to cause a **Open Redirect** \(if part of the path is used as domain name\), **account takeover** \(if you can modify users details without CSRF token and the vuln endpoint used the correct method\) and any other vuln. More [info about this here](http://dphoeniixx.com/2020/12/13-2/).
|
||||
|
||||
#### More examples
|
||||
|
||||
An [interesting bug bounty report](https://hackerone.com/reports/855618) about links \(_/.well-known/assetlinks.json_\).
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user