Hi guys, today we will be exploiting an <activity> tag that has “android:exported” declared in the tag.
What is an <activity> tag? Quote from Google Search, “Use with the <activity> tag to supply a default banner for a specific activity, …“
That specific activity we are exploiting is “android:exported”, why? Because it is an element that sets whether the activity in the application can be launched by other components of other application.
It has permission has 2 type ‘true’ – means other application can launch the activity, ‘false’ mean the activity can only be launched by the same component of the application or applications with the same userID.
The activity tag…
We are exploiting the vulnerability on “com.android.insecurebankv2.PostLogin”, in the first line of the list, which is to bypass the login page of InsecureBankv2.
In order to exploit, we have to state the intent of it and the type of intent we used is explicit intent as we have a target application we wanted to exploit from our malicious application.
Writing a Java code to exploit by stating the intent.
Once the ‘Button’ is click upon, the system will checks its intent, and since its intent is to open up PostLogin of InsecureBankv2 application, and the intent filter of the insecure application allows such action, the intent of the object will be delivered to the insecure app to start up its activity.
After writing the java code, build an apk file based on the code, name it for e.g. “exploit.apk” and installed the exploit.apk file into the emulator that is running the InsecureBankv2 application.
Run the malicious application in the emulator. 
Click onto ‘Button’.
The result in total bypassing the login screen of the application.
That’s all folks, hope you have a nice day 🙂
Author: Derek
Bs&Derek 