How i found creative bug and how able to change the impact from low to high?
Hello everyone !!! Hope all are good and fine.
I’m back again, in this is my report i well show How i found creative bug and how able to change the impact from low to high?
Are you exciteabile????
First When I was trying to understand the functions of the target, I found that the user is not allowed to change his email. Well, why don’t we try to change it, but how?
Well, I tried changing the username to see what the request contains?
In this case I add some parameters such as: email , emailUser , Email , Address, email_confirm …..etc
But all my attempts were in failure
I left the target for hours and then tried again…
Well, it worked this time. I found that this parameter changes the user’s email after they confirm it “emailAddress” . This is a vulnerability and a violation of secure design principles
Then, let’s go report, but wait a minute!! why don’t we try raising the impact a little and get a big reward
Have you thought of anything else with me?!
Yahhh, of course
ِAccoount takeover :) , since we can change the mail there may be a weakness!!!
But the road was about to be closed!! because there was a token, but slow down, go back and read My methodology to bypass CSRF token with 5 Methods important !!
I found “method 2” the server is not validated another csrf i able to change csrf to another csrf token account , i have successfully bypassed csrf protection and can perform i own CSRF attack.
add parameter emailAddress via request to success change email > bypass csrf token via change another csrf token account > create csrf POC and reported ATO
Thank you for taking the time to read this piece. Kindly remember to leave a comment sharing your thoughts on the blog if you liked them.
Feed | LinkedIn — My LinkedIn Profile