Posts

Showing posts from August, 2015

XSS+CSRF attack in Tagged using Redirect parameter(Open URL Redirection attack Possible)

Image
Hi guys,

Today i want to show you how you can combine XSS and CSRF attack.This is very interesting but pretty difficult to find and create a POC.

Bug type : XSS+CSRF
Bug category : XSS,CSRF
OWASP link :
1.https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
2.https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)

Description : In tagged you can report spam/abuse on any user.In HTTP POST request you will find a hidden parameter called "Referer" .This URL is used to redirect to you the URL you provide.You can also attack victim to Redirection attack to any website.
Now in Javascript when you give referrer as any URL,It will redirect you to given URL by you.But when you put javascript:alert(1) as a URL it will execute the code which you provide.
Attack Steps :
1. Create a CSRF POC where you will give XSS payload javascript:alert(1)
2.Click on the Button and you will get XSS pop up
3.You can also redirect victim to any malicious UR…

Google re-captcha bypass on indeed

Image
Hi Guys,

Bug type : Broken authentication 

Category : Broken authentication and privilege escalation

OWASP Link : https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management

Company : Indeed

Description of the vulnerability :
Indeed has implemented Google recaptcha in the forum for new topics and comments.It was vulnerable and same google code could be used for each time.Basically old google code could be used to send a request and server was accepting any google re captcha code.

VIdeo POC Link :

Hall of fame : https://bugcrowd.com/indeed/hall-of-fame

Reward : 200$



Unautherize access to vimeo private/public groups by adding Video (Broken authentication)

Image
Hi Guys,

I am vijay kumar an individual security researcher and active bug bounty  hunter in various  platform.I am starting my blog today to update different security groups and  people in the world.
You can know more about me in my blogger profile or about me page.

Let's talk about the bug :

Bug type : Indirect object reference(IDOR)

Category : Broken authentication and privilege escalation

OWASP Link : https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References

Company : Vimeo

Description of the vulnerability :
In vimeo people can create private/public groups and upload the videos privately.There is a incremental numeric ID provided for the all groups.While adding video to the group HTTP POST parameter  contents groupID which is not validating at server side and leads to add your video to any group on vimeo.

VIdeo POC :

Hall of fame link : https://hackerone.com/vimeo/thanks(You will find it with the username https://hackerone.com/vijay_kumar1110)

Reward :…