
Featured

Stealing CSRF tokens using XSS on Signup page

I'm assuming everyone reading this blog post knows what CSRF and XSS are. If you don't, a quick search on Google can yield many results. While crawling for vulnerabilities, searching on Google and navigating through pages, I finally landed on a website. As per disclosure policies I'm not allowed to disclose the company/website, so let's use REDACTED.com. Doing recon using passive and active techniques, I found no sub-domains and no low-hanging vulnerabilities. Every mechanism works pretty fine, or maybe I missed something. After hours of testing, the signup page caught my attention. I was like "How did I miss this..." Navigated to https://www.REDACTED.com/signup. After analysis, the URL input fields are vulnerable to XSS. But it turns out to be useless because it's on the signup page. I thought of exploiting it. First I registered an account and verified it using the confirmation link I received in my inbox. I navigated to prof...

ClickJacking Vulnerability in Google Acquisition "FireBase"

Hello friends, this is my second post, on how I found a clickjacking vulnerability in the Google-acquired website "FireBase".

Description :
Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.


Vulnerability type: ClickJacking

Status : Not yet patched

Proof of Concept :

[1]. Create an HTML document like this in your notepad (the original snippet was missing its closing iframe and html tags):
<html>
<body>
<!-- Loads the target page inside a frame; if it renders, the site sends no framing protection -->
<iframe src="https://www.firebase.com/account/#/profile"></iframe>
</body>
</html>
[2]. Save the file as something.html
[3]. Open the file in your browser
[4]. The site will automatically load in a frame in the browser, like this:
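The manual test above only tells you whether one page rendered in a frame. The check a defender actually wants is whether the response carries a framing policy at all, which is what decides the outcome. The following is an added example written for this post, not code from the original author or from Firebase: it classifies a response's headers as blocked, restricted or unprotected against framing, honouring the rule that a CSP frame-ancestors directive takes precedence over X-Frame-Options in browsers that support it, and treating the obsolete ALLOW-FROM value as no protection. The header dicts at the bottom are constructed samples, not captured responses from any real site.

```python
"""Classify an HTTP response's clickjacking (framing) protection from its headers.

Assumed interface (not from the post): headers are given as a plain dict exactly
as a browser would receive them; the question answered is whether an arbitrary
third-party origin could embed the page in an <iframe>.
"""
from typing import List, Mapping, Optional, Tuple


def get_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing(headers: Mapping[str, str]) -> Tuple[str, str]:
    """Return (verdict, reason).

    'blocked'     - no page may frame this response
    'restricted'  - only same-origin or an explicit allow-list may frame it
    'unprotected' - any site can frame it, the precondition for clickjacking
    """
    csp = get_header(headers, "Content-Security-Policy")
    sources = frame_ancestors(csp) if csp else None

    # Only the enforcing CSP header counts; Report-Only never blocks framing.
    # When frame-ancestors is present, supporting browsers ignore X-Frame-Options.
    if sources is not None:
        if "'none'" in sources:
            return "blocked", "CSP frame-ancestors 'none'"
        if any(s in ("*", "http:", "https:") for s in sources):
            return "unprotected", "CSP frame-ancestors allows any origin: " + " ".join(sources)
        return "restricted", "CSP frame-ancestors allow-list: " + " ".join(sources)

    xfo = get_header(headers, "X-Frame-Options")
    if xfo is None:
        return "unprotected", "neither X-Frame-Options nor CSP frame-ancestors is set"
    value = xfo.strip().upper()
    if value == "DENY":
        return "blocked", "X-Frame-Options: DENY"
    if value == "SAMEORIGIN":
        return "restricted", "X-Frame-Options: SAMEORIGIN"
    if value.startswith("ALLOW-FROM"):
        # ALLOW-FROM is obsolete; current browsers ignore it, so it gives no protection.
        return "unprotected", "X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers"
    return "unprotected", f"unrecognised X-Frame-Options value {xfo!r} is ignored by browsers"


if __name__ == "__main__":
    # Constructed sample responses (hypothetical, not captured from any real site).
    samples = {
        "no policy at all": {"Content-Type": "text/html"},
        "XFO deny": {"X-Frame-Options": "DENY"},
        "CSP none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "CSP wildcard overrides XFO": {"Content-Security-Policy": "frame-ancestors *",
                                       "X-Frame-Options": "DENY"},
        "obsolete ALLOW-FROM": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    }
    for label, hdrs in samples.items():
        verdict, reason = assess_framing(hdrs)
        print(f"{label:28} -> {verdict:11} ({reason})")
```

Run it against the headers of the page you are testing (for example, the response your proxy recorded for the profile URL): an "unprotected" verdict is exactly the condition under which step [4] above succeeds, and the fix on the server side is to send `Content-Security-Policy: frame-ancestors 'none'` (or `X-Frame-Options: DENY`) on every HTML response that should never be embedded.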


But the reply from the Google security team made me sad :(
Reply:
Thanks for reading.
Hope you guys enjoyed it.
Happy hacking :)
