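On Android 4.0 through 4.2, WebView adds the searchBoxJavaBridge_ interface, which leads to remote code execution. An attacker can inject JavaScript into the page and use reflection to execute arbitrary malicious code in the client.
Affected function: Lio/dcloud/share/ShareAuthorizeView;->load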
public void load(io.dcloud.share.a p8, String p9)
{
    String v0_0 = p8.a(p9);
    // Parameter types and arguments for the reflective getWebviewClient call
    Class[] v3 = new Class[1];
    v3[0] = io.dcloud.share.ShareAuthorizeView.class;
    Object[] v4_1 = new Object[1];
    v4_1[0] = this;
    io.dcloud.share.AbsWebviewClient v0_2 = ((io.dcloud.share.AbsWebviewClient) io.dcloud.adapter.util.PlatformUtil.invokeMethod(v0_0, "getWebviewClient", 0, v3, v4_1));
    // this.b is the WebView: the URL is loaded without removing searchBoxJavaBridge_ first
    this.b.setWebViewClient(v0_2);
    this.b.loadUrl(v0_2.getInitUrl());
    return;
}
Remediation: call removeJavascriptInterface("searchBoxJavaBridge_") on the WebView.