Intentionally vulnerable webview implementions in Android

1. Basic webview hijack with attacker controlled URL in RegistrationWebView.java
2. User token leaked to attacker via header and JavaScript interface in SupportWebView.java ( exploit hosted here )
3. Universal file access allowed in RegistrationWebView.java enables exfiltration of private files ( exploit hosted here )

• If you want, you can clone this repository into Android Studio, or you can simply download the app.apk and install it on your device.