
Featured

Stealing CSRF tokens using XSS on Signup page

I'm assuming everyone reading this blog post knows what CSRF and XSS are. If you don't, a quick search on Google will yield many results. While crawling for vulnerabilities, searching on Google and navigating through pages, I finally landed on a website. As per disclosure policies I'm not allowed to disclose the company/website, so let's use REDACTED.com. Doing recon using passive and active techniques, I found no sub-domains and no low-hanging vulnerabilities. Every mechanism works pretty fine, or maybe I missed something. After hours of testing, the signup page caught my attention. I was like "How did I miss this..." Navigated to https://www.REDACTED.com/signup. After analysis, the URL input fields are vulnerable to XSS. But it turns out to be useless because it's on the signup page. I thought of exploiting it. First I registered an account and verified it using the confirmation link I received in my inbox. I navigated to prof

Low Hanging Fruits #1

Grabbing: Low Hanging Fruits #1
hey man.. wassup?


Still single? Get up... find some bugs...
2018: wish you a happy buggy year. :D


We are successfully wasting time. Just saying.

This is worth the time for noobs like me, so I hope you enjoy it.

Let's quickly jump into grabbing some juicy fruits and squeezing tasty juice out of them.

Recently, I was invited to a private site (beta version/stage).

I quickly started pentesting the site. After hours of testing, I ended up with zero fruits in my hand.

We (noobs) as testers start with so much agitation, and after a few minutes or hours we gradually lose confidence.

Finally, I started to test the password reset functionality. I typed my email address in the reset password page.

I received a mail stating: your new password is **** (a randomly generated pass-code).
Something triggered.


Quickly started Burp and intercepted the password reset request.
RULE #1: capture the response for the sensitive functionalities; you may end up finding loopholes.
(For someone who doesn't know how to capture the response to a request: enable response interception for that request in Burp,
and click Forward till you receive/see the response captured.)

Here's the response I received after the password reset request for my email.


Bunch of lines :(

RULE #2: Inspect the source code.
After a while, I saw this snippet:

Did you see that? :D The new password was leaked in the response.
Quickly navigated to the login page and typed the email and the new password, the password we found in the response, andddddddd Happy New Year :P

Successfully Logged In.
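To make the bug class concrete, here is an added example (not code from the post or from the affected site) of a password reset handler that reproduces the leak described above beside a hardened version, plus a "Rule #2" style check that inspects the response source for the secret. The in-memory user store, the outbox standing in for the mail server, and the tester@example.com address are all constructed for the demo.

```python
import hashlib
import html
import secrets
import string

# Constructed in-memory stores standing in for the site's database and mail server.
USERS = {"tester@example.com": {"password_hash": ""}}
OUTBOX = []  # each entry: {"to": email, "password": new_password}


def _hash(password: str) -> str:
    # Illustrative only; a real store should use a slow password hash (bcrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def generate_password(length: int = 12) -> str:
    # Alphanumeric so the value survives HTML templating unchanged.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _send_reset_mail(email: str, new_password: str) -> None:
    OUTBOX.append({"to": email, "password": new_password})


def reset_password_vulnerable(email: str) -> str:
    """Models the bug from the post: the new password is emailed, but a copy is also
    rendered into the HTML response (here as a hidden input). Anyone who captures the
    response in a proxy and reads the source sees the secret without touching the inbox."""
    new_password = generate_password()
    USERS[email]["password_hash"] = _hash(new_password)
    _send_reset_mail(email, new_password)
    return (
        "<html><body><p>We have sent a new password to your email.</p>"
        f'<input type="hidden" name="new_password" value="{html.escape(new_password)}">'
        "</body></html>"
    )


def reset_password_fixed(email: str) -> str:
    """Hardened version: the secret travels only over the mail channel and the HTTP
    response carries a generic message with nothing derived from the password."""
    new_password = generate_password()
    USERS[email]["password_hash"] = _hash(new_password)
    _send_reset_mail(email, new_password)
    return "<html><body><p>We have sent a new password to your email.</p></body></html>"


def response_leaks_secret(body: str, secret: str) -> bool:
    """Rule #2 as a check: look for the secret in the response source, in raw and
    HTML-escaped form, since it may have been templated into markup."""
    return secret in body or html.escape(secret) in body


def login(email: str, password: str) -> bool:
    return USERS.get(email, {}).get("password_hash") == _hash(password)


def run_demo(email: str = "tester@example.com") -> dict:
    """Runs both handlers and reports whether each response exposes the password."""
    vuln_body = reset_password_vulnerable(email)
    vuln_password = OUTBOX[-1]["password"]
    # With the vulnerable handler, the value read from the response logs you in.
    login_with_leaked = login(email, vuln_password)

    fixed_body = reset_password_fixed(email)
    fixed_password = OUTBOX[-1]["password"]
    return {
        "vulnerable_leaks": response_leaks_secret(vuln_body, vuln_password),
        "login_with_leaked": login_with_leaked,
        "fixed_leaks": response_leaks_secret(fixed_body, fixed_password),
    }


if __name__ == "__main__":
    print(run_demo())
```

The same check works as a regression test in a real code base: generate the reset through the application, read the credential from the outgoing mail, and assert that neither the response body nor any redirect target contains it.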

Reported and got a decent bounty.

RULE TO RULE: INSPECT SOURCE CODE.

Any help: I'm all ears (varunchowdary19@gmail.com)

//HAPPY HUNTING//

Hare krishna.
Signing off,
Varun






