I’m trying my hand at Android hacking, and I just came across this intent filter for a login activity:
    <intent-filter android:autoVerify="true" android:order="10">
        <data android:host="*domain.com"/>
        <data android:path="/login"/>
        <data android:scheme="https"/>
        <data android:scheme="http"/>
        (...)
    </intent-filter>
Coming from a web background, this looks a lot like the Android equivalent to a misconfigured CORS that allows all origins that end in domain.com - such as attackerdomain.com - because there is no . before the
I don’t really understand what the intent filter actually does. Does this look like a vulnerability? How could it be exploited?
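
As an added example (not part of the original post, and not Android's own code), the following manifest check models host matching on the assumption that a leading `*` in `android:host` means "any host ending with the rest of the string", then reports which probe hosts the quoted pattern accepts that are neither the base domain nor one of its subdomains. The function names, the probe list and the sample XML (the post's filter with its `(...)` left out) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: the filter quoted in the post, elided part omitted.
SAMPLE_FILTER = """
<intent-filter xmlns:android="http://schemas.android.com/apk/res/android"
               android:autoVerify="true" android:order="10">
    <data android:host="*domain.com"/>
    <data android:path="/login"/>
    <data android:scheme="https"/>
    <data android:scheme="http"/>
</intent-filter>
"""

def host_matches(pattern, host):
    """Simplified model (assumption): a leading '*' is dropped and the rest
    is compared, case-insensitively, against the end of the URI host."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*"):
        return host.endswith(pattern[1:])
    return host == pattern

def is_domain_or_subdomain(base, host):
    """True only when host is base itself or sits under it at a label boundary."""
    base, host = base.lower(), host.lower()
    return host == base or host.endswith("." + base)

def audit_filter(xml_text, probe_hosts):
    """For each wildcard host in the filter, list the probe hosts that the
    pattern accepts although they do not belong to the base domain."""
    findings = []
    for data in ET.fromstring(xml_text).iter("data"):
        pattern = data.get(f"{{{ANDROID_NS}}}host")
        if not pattern or not pattern.startswith("*"):
            continue
        base = pattern[1:].lstrip(".")
        unintended = [h for h in probe_hosts
                      if host_matches(pattern, h)
                      and not is_domain_or_subdomain(base, h)]
        findings.append({"pattern": pattern, "unintended": unintended})
    return findings

if __name__ == "__main__":
    probes = ["domain.com", "www.domain.com", "attackerdomain.com"]
    for finding in audit_filter(SAMPLE_FILTER, probes):
        print(finding)
```
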