Login Backdoor
Back in jadx, in the DoLogin activity, I found this weird code.
The "devadmin" part in the postData method handles a specific case where the username is "devadmin". When the username is "devadmin", the method sends the login data to a different endpoint (/devlogin) rather than the standard login endpoint (/login). This could be used for developers or administrators who might need to authenticate through a different process or endpoint. Here's a more detailed explanation focusing on this aspect:
Check Username:
The method checks if the username is "devadmin":
Send to /devlogin Endpoint:
If the username is "devadmin", it sets the entity (the body of the HTTP request) for httppost2 (which points to the /devlogin URL) with the prepared login data and executes this post request:
Send to /login Endpoint:
If the username is not "devadmin", it sets the entity for httppost (which points to the standard /login URL) with the login data and executes this post request:
So logging in with the username "devadmin" and without a password will authenticate you as devadmin.
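A review-time check for the pattern described above, added here as an example and not taken from the app or the original write-up: it scans decompiled Java (for instance jadx output) for an if/else where a hardcoded username literal selects a different HTTP request object than the normal path. The sample source is constructed from the behaviour the text describes, and the function names and regex heuristics are assumptions of this sketch.

```python
import re

# Constructed sample modelled on the behaviour described above; it is not the
# app's actual decompiled source.
SAMPLE = '''
HttpPost httppost = new HttpPost(base + "/login");
HttpPost httppost2 = new HttpPost(base + "/devlogin");
if (username.equals("devadmin")) {
    httppost2.setEntity(new UrlEncodedFormEntity(pairs));
    response = httpclient.execute(httppost2);
} else {
    httppost.setEntity(new UrlEncodedFormEntity(pairs));
    response = httpclient.execute(httppost);
}
'''

# Matches: if (<identifier containing user/login/name>.equals("<literal>")) {
BRANCH = re.compile(r'if\s*\(\s*(\w*(?:user|login|name)\w*)\.equals\("([^"]+)"\)\s*\)\s*\{', re.I)
REQUEST = re.compile(r'(\w+)\s*=\s*new\s+Http(?:Post|Get)\(([^;]*)\);')
EXECUTE = re.compile(r'\.execute\(\s*(\w+)\s*\)')

def block_end(src, open_idx):
    """Return the index just past the brace block that opens at open_idx."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)  # heuristic: ignores braces in strings
        if depth == 0:
            return i + 1
    return len(src)

def find_identity_branches(src):
    """Flag if/else blocks where a hardcoded username picks a different request."""
    urls = {name: arg.strip() for name, arg in REQUEST.findall(src)}
    findings = []
    for m in BRANCH.finditer(src):
        end_if = block_end(src, m.end() - 1)
        special = set(EXECUTE.findall(src[m.end():end_if]))
        normal = set()
        els = re.match(r'\s*else\s*\{', src[end_if:])
        if els:
            start = end_if + els.end() - 1
            normal = set(EXECUTE.findall(src[start:block_end(src, start)]))
        if special and special != normal:  # the literal changes where credentials go
            findings.append({"line": src.count("\n", 0, m.start()) + 1,
                             "literal": m.group(2),
                             "special": sorted(urls.get(r, r) for r in special),
                             "normal": sorted(urls.get(r, r) for r in normal)})
    return findings
```

Each finding is a lead for manual review: the server-side handler behind the special endpoint still has to be checked to confirm whether it skips password verification.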