Login Backdoor
Back to jadx: in the DoLogin activity I found this weird code.
The "devadmin" part in the postData method handles a specific case where the username is "devadmin". When the username is "devadmin", the method sends the login data to a different endpoint (/devlogin) rather than the standard login endpoint (/login). This could be used for developers or administrators who might need to authenticate through a different process or endpoint. Here's a more detailed explanation focusing on this aspect:
Check Username: The method checks if the username is "devadmin":
Send to /devlogin Endpoint: If the username is "devadmin", it sets the entity (the body of the HTTP request) for httppost2 (which points to the /devlogin URL) with the prepared login data and executes this post request:
Send to /login Endpoint: If the username is not "devadmin", it sets the entity for httppost (which points to the standard /login URL) with the login data and executes this post request:
So logging in with the username "devadmin" and without a password will authenticate you as devadmin.
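A review-time check for this pattern over decompiled sources, as an added example that is not part of the original write-up or the app's own code. The Java sample is constructed from the description above; baseUrl, loginData, httpclient and all Python function names are assumptions.

```python
import re

# Constructed sample in the style of jadx output; it mirrors the branch described
# above (httppost -> /login, httppost2 -> /devlogin) and is not the app's real code.
SAMPLE = '''\
HttpPost httppost = new HttpPost(baseUrl + "/login");
HttpPost httppost2 = new HttpPost(baseUrl + "/devlogin");
if (username.equals("devadmin")) {
    httppost2.setEntity(new UrlEncodedFormEntity(loginData));
    httpclient.execute(httppost2);
} else {
    httppost.setEntity(new UrlEncodedFormEntity(loginData));
    httpclient.execute(httppost);
}
'''

# An identity-like variable compared against a string literal, in either order.
LITERAL_CHECK = re.compile(
    r'(?P<var>\w*(?:user|login|account)\w*)\.equals(?:IgnoreCase)?\("(?P<lit>[^"]+)"\)'
    r'|"(?P<lit2>[^"]+)"\.equals(?:IgnoreCase)?\((?P<var2>\w*(?:user|login|account)\w*)\)',
    re.IGNORECASE)
# HttpPost objects constructed with a path literal.
ENDPOINT = re.compile(r'(?P<name>\w+)\s*=\s*new\s+HttpPost\([^;]*"(?P<path>/[^"]*)"\s*\)')

def literal_identity_checks(source):
    """Return (line_number, variable, literal) for hardcoded identity comparisons."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in LITERAL_CHECK.finditer(line):
            hits.append((no, m.group('var') or m.group('var2'),
                         m.group('lit') or m.group('lit2')))
    return hits

def endpoints(source):
    """Map each HttpPost variable to the path literal it was built with."""
    return {m.group('name'): m.group('path') for m in ENDPOINT.finditer(source)}

def review(source):
    """Flag sources that pair a hardcoded identity with several auth endpoints."""
    auth = sorted(p for p in endpoints(source).values() if 'login' in p.lower())
    if len(auth) < 2:
        return []
    return [f'line {no}: {var} compared to "{lit}"; auth endpoints: {auth}'
            for no, var, lit in literal_identity_checks(source)]

if __name__ == '__main__':
    print('\n'.join(review(SAMPLE)))
```

A finding here is a prompt for manual review: the server-side handler behind the second endpoint still has to be checked to confirm whether it verifies the password.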