Exploiting Unsanitized URL Handling & SQL Injection via Deep Links in iOS App: Write-up of Flipcoin
Summary
This report describes a method for extracting sensitive data from an iOS application by delivering an SQL injection (SQLi) payload locally, through a deep link, into the app's own database queries.
The approach was applied to an educational environment using the Flipcoin Wallet app for demonstration purposes.
The overall workflow is as follows: install the application → find and open the deep link → analyze the application binary → craft the SQL injection payload → open the deep link with the SQL injection payload → analyze the database and retrieve the data of interest.
To achieve this, we used Frida, Darkrad3, and Ghidra, along with other tools, to analyze the app’s binary, hook the SQL functions, and ultimately extract sensitive data.
In this report, we delve into the details of each step, explain how iOS handles deep links, and provide further references for readers who may want to explore specific topics in greater depth.
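The root cause the write-up describes is a deep link parameter flowing unsanitized into a local SQLite query. The following is an added illustration, not code from the Flipcoin app or from the original post: a hypothetical `flipcoin://wallet?owner=...` link handler written in Python (the real app would be Swift/Objective-C) with the string-concatenating query beside the bound-parameter version, so a reviewer can see why the URL value must be treated as data rather than SQL.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

# Constructed in-memory database standing in for the app's local SQLite store.
def build_demo_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wallets (owner TEXT, balance REAL)")
    db.executemany("INSERT INTO wallets VALUES (?, ?)",
                   [("alice", 12.5), ("bob", 3.0)])
    return db

def parse_deep_link(url, scheme="flipcoin", host="wallet"):
    """Parse a hypothetical deep link such as flipcoin://wallet?owner=alice.
    Scheme and host are checked first so links outside the expected shape
    never reach the query path; the 'owner' value is returned as plain text."""
    u = urlparse(url)
    if u.scheme != scheme or u.netloc != host:
        raise ValueError("unexpected deep link: %r" % url)
    owner = parse_qs(u.query).get("owner", [None])[0]
    if owner is None:
        raise ValueError("deep link is missing the owner parameter")
    return owner

def lookup_vulnerable(db, url):
    # Weak pattern: the URL parameter is concatenated into the SQL text,
    # so whoever crafts the link controls the WHERE clause.
    owner = parse_deep_link(url)
    sql = "SELECT owner, balance FROM wallets WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_hardened(db, url):
    # Corrected pattern: the value is bound as a parameter and can only ever
    # be compared as a literal string, whatever characters it contains.
    owner = parse_deep_link(url)
    return db.execute(
        "SELECT owner, balance FROM wallets WHERE owner = ?", (owner,)
    ).fetchall()

if __name__ == "__main__":
    db = build_demo_db()
    # Quote-bearing value, percent-encoded as it would arrive in a URL.
    link = "flipcoin://wallet?owner=x%27%20OR%20%271%27%3D%271"
    print("concatenated:", lookup_vulnerable(db, link))  # every wallet row
    print("parameterised:", lookup_hardened(db, link))   # no rows
```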