MOB-INTENT-INJECTPrivilege Escalation

Intent Injection / Pending Intent Abuse

Exported activity accepts an intent extra and forwards it without validation — call privileged internal APIs.

§ Where this technique fits

MOB-INTENT-INJECT is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Deeplink abuse → in-app account takeover
Exported activity registers a custom URL scheme that triggers an OAuth-style 'confirm reset' action without validating the source — phishing URL clicks reset another user's password.
step 3 / 6

§ What commonly comes next

01
Phishing
T1566 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Deeplink abuse → in-app account takeover

§ What commonly comes next