TikTok is the new Vine, or Twitter for videos only. It is quite popular among kids today!
The first vulnerability is an XSS bug reachable through a deep link in the mobile app. It turns out that many mobile applications embed lots of web pages! To test this bug as quickly as possible, the author hooked the relevant function with Frida to see what was going on. The bug existed because part of the URL was concatenated into a string that was then executed as JavaScript.
The second bug was another XSS, this time in a WebView. It was possible because link validation was only applied to http/https links, so it was trivial to supply a link with a javascript: URI and get XSS.
From the second XSS, it was possible to fire intents in the Android application. Using an intent handled by TmaTestActivity in split_df_miniapp.apk, arbitrary zip files could be downloaded through the SDK update mechanism!
That activity also had a directory traversal vulnerability. Combining the intent with the directory traversal, it was possible to overwrite system libraries with something malicious.
Finally, there was an intent that reloads the application. Putting all of this together, the malicious library runs at startup and a shell is popped.
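The two root causes in this chain, a scheme check that only looks at http/https links and a zip extractor that trusts entry names, are both ordinary input-validation mistakes. The following is an added example, not code from the original post or from TikTok, written in Python as a language-neutral illustration of the checks an Android app would apply in Java/Kotlin before loading a URL into a WebView or unpacking a downloaded update. The weak validator is shown beside its hardened form, and the allowed hosts, the destination directory and the zip entry names are all constructed for this example.

```python
# Added example (not from the original post or TikTok's code): the weak
# link check described in the post beside a hardened one, and a zip-slip
# check for the downloaded-update case. Hosts and paths below are constructed.
import io
import os
import zipfile
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of hosts the WebView may navigate to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def validate_only_if_http(url: str) -> bool:
    """Weak pattern from the post: validation runs only on http/https links,
    so any other scheme (javascript:, file:, ...) passes untouched."""
    parts = urlsplit(url)
    if parts.scheme in ("http", "https"):
        return parts.hostname in ALLOWED_HOSTS
    return True  # non-http link: no check at all -- this is the bug


def is_safe_webview_url(url: str) -> bool:
    """Hardened form: allowlist the scheme first, then the host.
    Anything that is not an allowed http(s) origin is rejected."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


def classify_zip_entries(zip_bytes: bytes, dest_dir: str):
    """Split archive entries into (accepted_paths, rejected_names).
    An entry is rejected if its resolved destination would fall outside
    dest_dir (directory traversal) or if it uses an absolute path."""
    dest_root = os.path.realpath(dest_dir)
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if os.path.isabs(name) or "\\" in name:
                rejected.append(name)
                continue
            target = os.path.realpath(os.path.join(dest_root, name))
            # commonpath collapses to a parent of dest_root when the
            # entry escapes, e.g. "../../lib/x.so"
            if os.path.commonpath([dest_root, target]) != dest_root:
                rejected.append(name)
                continue
            accepted.append(target)
    return accepted, rejected


def build_demo_zip(entries: dict) -> bytes:
    """Construct an in-memory archive from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for u in ("https://www.example.com/page", "javascript:alert(1)"):
        print(u, "weak:", validate_only_if_http(u), "hardened:", is_safe_webview_url(u))
    demo = build_demo_zip({"lib/ok.so": b"x", "../../lib/traversal.so": b"y"})
    print(classify_zip_entries(demo, "/data/app/sdk"))
```

The scheme allowlist is checked before the host because a javascript: URI has no host to validate; the zip check resolves each entry against the real destination root rather than pattern-matching on `..`, which also catches entries that reach the parent through a mix of normal and `..` segments.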
It is pretty amazing that a single click on a link could lead to compromise through TikTok. And XSS in a WebView leads to RCE!? That's something I'll be looking out for in the future.