0x00
本文参考Android WebView 远程代码执行漏洞简析。代码地址为,https://github.com/jltxgcy/AppVulnerability/tree/master/WebViewFileDemo。下面我们分析代码。
0x01
首先列出项目工程目录:
MainActivity.java的代码如下:
public class MainActivity extends Activity {
private WebView webView;
private Uri mUri;
private String url;
//String mUrl1 = "file:///android_asset/html/attack_file.html";
String mUrl2 = "file:///android_asset/html/test.html";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activi