Improper Input Validation¶
Exploiting SQL injection in mobile application frameworks ¶
Basically sql injection in mobile application is similar like web application. There's same payload used to exploit this vuln. But the advantage in this case is that we can see the source code and can check if the developer not properly validate or filter the data that passed through the input field.
Ex. Diva: SQL
Simply analyzing the source code where file contain sql query check it is not closing properly use blah'1 OR '1=1' It will showing you all the things.
Frame Injection in WebView or Cross Site Scripting¶
If any application allows user to view a webpage against the user input or can say if String convert into hyperlink and show webpage in a frame in Activity so it's vulnerable with Frame Injection. Attacker use this vulnerability to perform XSS and Phishing attack etc.
Vulnerability occurs when the app is validating user Input and allows to parse malicious script.
Ex. DIVA:
In Diva Input validation 2 issues Section, the feature is to render website in webkit but when the user pass file:/// or any path directory it's allow user to access.