├── .gitignore
├── AndroidManifest.xml
├── build.xml
├── proguard-project.txt
├── project.properties
├── res
    ├── drawable-hdpi
    │   └── ic_launcher.png
    ├── drawable-mdpi
    │   └── ic_launcher.png
    ├── drawable-xhdpi
    │   └── ic_launcher.png
    ├── layout
    │   └── activity_main.xml
    ├── menu
    │   └── main.xml
    ├── values-sw600dp
    │   └── dimens.xml
    ├── values-sw720dp-land
    │   └── dimens.xml
    ├── values-v11
    │   └── styles.xml
    ├── values-v14
    │   └── styles.xml
    └── values
    │   ├── dimens.xml
    │   ├── strings.xml
    │   └── styles.xml
└── src
    └── org
        └── droidsec
            └── vulnwebview
                ├── MainActivity.java
                └── WebAppInterface.java


/.gitignore:
--------------------------------------------------------------------------------
 1 | # built application files
 2 | *.apk
 3 | *.ap_
 4 | *.jar
 5 | 
 6 | # files for the dex VM
 7 | *.dex
 8 | 
 9 | # Java class files
10 | *.class
11 | 
12 | # generated files
13 | bin/
14 | gen/
15 | obj/
16 | 
17 | # Local configuration file (sdk path, etc)
18 | local.properties
19 | 
20 | # Eclipse project files
21 | .classpath
22 | .project
23 | .settings
24 | 
25 | # other stuff
26 | no-dist
27 | 
28 | 


--------------------------------------------------------------------------------
/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 3 |     package="org.droidsec.vulnwebview"
 4 |     android:versionCode="1"
 5 |     android:versionName="1.0" >
 6 | 
 7 |     <uses-sdk
 8 |         android:minSdkVersion="8"
 9 |         android:targetSdkVersion="16" />
10 |     <uses-permission android:name="android.permission.INTERNET"/>
11 | 
12 |     <application
13 |         android:allowBackup="true"
14 |         android:icon="@drawable/ic_launcher"
15 |         android:label="@string/app_name"
16 |         android:theme="@style/AppTheme" >
17 |         <activity
18 |             android:name="org.droidsec.vulnwebview.MainActivity"
19 |             android:label="@string/app_name" >
20 |             <intent-filter>
21 |                 <action android:name="android.intent.action.MAIN" />
22 | 
23 |                 <category android:name="android.intent.category.LAUNCHER" />
24 |             </intent-filter>
25 |         </activity>
26 |     </application>
27 | 
28 | </manifest>
29 | 


--------------------------------------------------------------------------------
/build.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project name="MainActivity" default="help">
 3 | 
 4 |     <!-- The local.properties file is created and updated by the 'android' tool.
 5 |          It contains the path to the SDK. It should *NOT* be checked into
 6 |          Version Control Systems. -->
 7 |     <property file="local.properties" />
 8 | 
 9 |     <!-- The ant.properties file can be created by you. It is only edited by the
10 |          'android' tool to add properties to it.
11 |          This is the place to change some Ant specific build properties.
12 |          Here are some properties you may want to change/update:
13 | 
14 |          source.dir
15 |              The name of the source directory. Default is 'src'.
16 |          out.dir
17 |              The name of the output directory. Default is 'bin'.
18 | 
19 |          For other overridable properties, look at the beginning of the rules
20 |          files in the SDK, at tools/ant/build.xml
21 | 
22 |          Properties related to the SDK location or the project target should
23 |          be updated using the 'android' tool with the 'update' action.
24 | 
25 |          This file is an integral part of the build system for your
26 |          application and should be checked into Version Control Systems.
27 | 
28 |          -->
29 |     <property file="ant.properties" />
30 | 
31 |     <!-- if sdk.dir was not set from one of the property file, then
32 |          get it from the ANDROID_HOME env var.
33 |          This must be done before we load project.properties since
34 |          the proguard config can use sdk.dir -->
35 |     <property environment="env" />
36 |     <condition property="sdk.dir" value="${env.ANDROID_HOME}">
37 |         <isset property="env.ANDROID_HOME" />
38 |     </condition>
39 | 
40 |     <!-- The project.properties file is created and updated by the 'android'
41 |          tool, as well as ADT.
42 | 
43 |          This contains project specific properties such as project target, and library
44 |          dependencies. Lower level build properties are stored in ant.properties
45 |          (or in .classpath for Eclipse projects).
46 | 
47 |          This file is an integral part of the build system for your
48 |          application and should be checked into Version Control Systems. -->
49 |     <loadproperties srcFile="project.properties" />
50 | 
51 |     <!-- quick check on sdk.dir -->
52 |     <fail
53 |             message="sdk.dir is missing. Make sure to generate local.properties using 'android update project' or to inject it through the ANDROID_HOME environment variable."
54 |             unless="sdk.dir"
55 |     />
56 | 
57 |     <!--
58 |         Import per project custom build rules if present at the root of the project.
59 |         This is the place to put custom intermediary targets such as:
60 |             -pre-build
61 |             -pre-compile
62 |             -post-compile (This is typically used for code obfuscation.
63 |                            Compiled code location: ${out.classes.absolute.dir}
64 |                            If this is not done in place, override ${out.dex.input.absolute.dir})
65 |             -post-package
66 |             -post-build
67 |             -pre-clean
68 |     -->
69 |     <import file="custom_rules.xml" optional="true" />
70 | 
71 |     <!-- Import the actual build file.
72 | 
73 |          To customize existing targets, there are two options:
74 |          - Customize only one target:
75 |              - copy/paste the target into this file, *before* the
76 |                <import> task.
77 |              - customize it to your needs.
78 |          - Customize the whole content of build.xml
79 |              - copy/paste the content of the rules files (minus the top node)
80 |                into this file, replacing the <import> task.
81 |              - customize to your needs.
82 | 
83 |          ***********************
84 |          ****** IMPORTANT ******
85 |          ***********************
86 |          In all cases you must update the value of version-tag below to read 'custom' instead of an integer,
87 |          in order to avoid having your file be overridden by tools such as "android update project"
88 |     -->
89 |     <!-- version-tag: 1 -->
90 |     <import file="${sdk.dir}/tools/ant/build.xml" />
91 | 
92 | </project>
93 | 


--------------------------------------------------------------------------------
/proguard-project.txt:
--------------------------------------------------------------------------------
 1 | # To enable ProGuard in your project, edit project.properties
 2 | # to define the proguard.config property as described in that file.
 3 | #
 4 | # Add project specific ProGuard rules here.
 5 | # By default, the flags in this file are appended to flags specified
 6 | # in ${sdk.dir}/tools/proguard/proguard-android.txt
 7 | # You can edit the include path and order by changing the ProGuard
 8 | # include property in project.properties.
 9 | #
10 | # For more details, see
11 | #   http://developer.android.com/guide/developing/tools/proguard.html
12 | 
13 | # Add any project specific keep options here:
14 | 
15 | # If your project uses WebView with JS, uncomment the following
16 | # and specify the fully qualified class name to the JavaScript interface
17 | # class:
18 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
19 | #   public *;
20 | #}
21 | 


--------------------------------------------------------------------------------
/project.properties:
--------------------------------------------------------------------------------
 1 | # This file is automatically generated by Android Tools.
 2 | # Do not modify this file -- YOUR CHANGES WILL BE ERASED!
 3 | #
 4 | # This file must be checked in Version Control Systems.
 5 | #
 6 | # To customize properties used by the Ant build system edit
 7 | # "ant.properties", and override values to adapt the script to your
 8 | # project structure.
 9 | #
10 | # To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
11 | #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
12 | 
13 | # Project target.
14 | target=android-17
15 | 


--------------------------------------------------------------------------------
/res/drawable-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jduck/VulnWebView/ac4ce37275cfe5198c905b1ae38a6aacda8c8e39/res/drawable-hdpi/ic_launcher.png


--------------------------------------------------------------------------------
/res/drawable-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jduck/VulnWebView/ac4ce37275cfe5198c905b1ae38a6aacda8c8e39/res/drawable-mdpi/ic_launcher.png


--------------------------------------------------------------------------------
/res/drawable-xhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jduck/VulnWebView/ac4ce37275cfe5198c905b1ae38a6aacda8c8e39/res/drawable-xhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
 1 | <RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
 2 |     xmlns:tools="http://schemas.android.com/tools"
 3 |     android:layout_width="match_parent"
 4 |     android:layout_height="match_parent"
 5 |     android:paddingBottom="@dimen/activity_vertical_margin"
 6 |     android:paddingLeft="@dimen/activity_horizontal_margin"
 7 |     android:paddingRight="@dimen/activity_horizontal_margin"
 8 |     android:paddingTop="@dimen/activity_vertical_margin"
 9 |     tools:context=".MainActivity" >
10 | 
11 |     <WebView
12 |         android:id="@+id/webView1"
13 |         android:layout_width="match_parent"
14 |         android:layout_height="match_parent"
15 |         android:layout_below="@+id/button1" />
16 | 
17 |     <Button
18 |         android:id="@+id/button1"
19 |         android:layout_width="wrap_content"
20 |         android:layout_height="wrap_content"
21 |         android:layout_alignParentTop="true"
22 |         android:text="Refresh" />
23 | 
24 | </RelativeLayout>


--------------------------------------------------------------------------------
/res/menu/main.xml:
--------------------------------------------------------------------------------
 1 | <menu xmlns:android="http://schemas.android.com/apk/res/android" >
 2 | 
 3 |     <item
 4 |         android:id="@+id/action_settings"
 5 |         android:orderInCategory="100"
 6 |         android:showAsAction="never"
 7 |         android:title="@string/action_settings"/>
 8 | 
 9 | </menu>
10 | 


--------------------------------------------------------------------------------
/res/values-sw600dp/dimens.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 | 
3 |     <!--
4 |          Customize dimensions originally defined in res/values/dimens.xml (such as
5 |          screen margins) for sw600dp devices (e.g. 7" tablets) here.
6 |     -->
7 | 
8 | </resources>
9 | 


--------------------------------------------------------------------------------
/res/values-sw720dp-land/dimens.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 | 
 3 |     <!--
 4 |          Customize dimensions originally defined in res/values/dimens.xml (such as
 5 |          screen margins) for sw720dp devices (e.g. 10" tablets) in landscape here.
 6 |     -->
 7 |     <dimen name="activity_horizontal_margin">128dp</dimen>
 8 | 
 9 | </resources>
10 | 


--------------------------------------------------------------------------------
/res/values-v11/styles.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 | 
 3 |     <!--
 4 |         Base application theme for API 11+. This theme completely replaces
 5 |         AppBaseTheme from res/values/styles.xml on API 11+ devices.
 6 |     -->
 7 |     <style name="AppBaseTheme" parent="android:Theme.Holo.Light">
 8 |         <!-- API 11 theme customizations can go here. -->
 9 |     </style>
10 | 
11 | </resources>
12 | 


--------------------------------------------------------------------------------
/res/values-v14/styles.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 | 
 3 |     <!--
 4 |         Base application theme for API 14+. This theme completely replaces
 5 |         AppBaseTheme from BOTH res/values/styles.xml and
 6 |         res/values-v11/styles.xml on API 14+ devices.
 7 |     -->
 8 |     <style name="AppBaseTheme" parent="android:Theme.Holo.Light.DarkActionBar">
 9 |         <!-- API 14 theme customizations can go here. -->
10 |     </style>
11 | 
12 | </resources>
13 | 


--------------------------------------------------------------------------------
/res/values/dimens.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 | 
3 |     <!-- Default screen margins, per the Android Design guidelines. -->
4 |     <dimen name="activity_horizontal_margin">16dp</dimen>
5 |     <dimen name="activity_vertical_margin">16dp</dimen>
6 | 
7 | </resources>
8 | 


--------------------------------------------------------------------------------
/res/values/strings.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <resources>
3 | 
4 |     <string name="app_name">VulnWebView</string>
5 |     <string name="action_settings">Settings</string>
6 |     <string name="hello_world">Hello world!</string>
7 | 
8 | </resources>
9 | 


--------------------------------------------------------------------------------
/res/values/styles.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 | 
 3 |     <!--
 4 |         Base application theme, dependent on API level. This theme is replaced
 5 |         by AppBaseTheme from res/values-vXX/styles.xml on newer devices.
 6 |     -->
 7 |     <style name="AppBaseTheme" parent="android:Theme.Light">
 8 |         <!--
 9 |             Theme customizations available in newer API levels can go in
10 |             res/values-vXX/styles.xml, while customizations related to
11 |             backward-compatibility can go here.
12 |         -->
13 |     </style>
14 | 
15 |     <!-- Application theme. -->
16 |     <style name="AppTheme" parent="AppBaseTheme">
17 |         <!-- All customizations that are NOT specific to a particular API-level can go here. -->
18 |     </style>
19 | 
20 | </resources>
21 | 


--------------------------------------------------------------------------------
/src/org/droidsec/vulnwebview/MainActivity.java:
--------------------------------------------------------------------------------
 1 | package org.droidsec.vulnwebview;
 2 | 
 3 | import android.os.Bundle;
 4 | import android.annotation.SuppressLint;
 5 | import android.app.Activity;
 6 | import android.view.Menu;
 7 | import android.view.View;
 8 | import android.webkit.WebSettings;
 9 | import android.webkit.WebView;
10 | import android.widget.Button;
11 | 
12 | @SuppressLint("SetJavaScriptEnabled")
13 | public class MainActivity extends Activity {
14 | 
15 | 	@Override
16 | 	protected void onCreate(Bundle savedInstanceState) {
17 | 		super.onCreate(savedInstanceState);
18 | 		setContentView(R.layout.activity_main);
19 | 		
20 | 		final Button button = (Button) findViewById(R.id.button1);
21 |         button.setOnClickListener(new View.OnClickListener() {
22 |             public void onClick(View v) {
23 |                 // Perform action on click
24 |         		WebView myWebView = (WebView) findViewById(R.id.webView1);
25 |         		myWebView.reload();
26 |             }
27 |         });
28 | 		
29 | 		WebView myWebView = (WebView) findViewById(R.id.webView1);
30 | 		
31 | 		// not a good idea!
32 | 		WebSettings webSettings = myWebView.getSettings();
33 | 		webSettings.setJavaScriptEnabled(true);
34 | 		
35 | 		// terrible idea!
36 | 		myWebView.addJavascriptInterface(new WebAppInterface(this), "Android");
37 | 		
38 | 		// woot.
39 | 		myWebView.loadUrl("http://www.droidsec.org/tests/addjsif/");
40 | 	}
41 | 
42 | 	@Override
43 | 	public boolean onCreateOptionsMenu(Menu menu) {
44 | 		// Inflate the menu; this adds items to the action bar if it is present.
45 | 		getMenuInflater().inflate(R.menu.main, menu);
46 | 		return true;
47 | 	}
48 | 
49 | }
50 | 


--------------------------------------------------------------------------------
/src/org/droidsec/vulnwebview/WebAppInterface.java:
--------------------------------------------------------------------------------
 1 | package org.droidsec.vulnwebview;
 2 | 
 3 | import android.content.Context;
 4 | import android.widget.Toast;
 5 | 
 6 | public class WebAppInterface {
 7 |     Context mContext;
 8 |     //private String mWTF = "lolz";
 9 | 
10 |     /** Instantiate the interface and set the context */
11 |     WebAppInterface(Context c) {
12 |         mContext = c;
13 |     }
14 | 
15 |     /** Show a toast from the web page */
16 |     public void showToast(String toast) {
17 |         Toast.makeText(mContext, toast, Toast.LENGTH_SHORT).show();
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------