
Tuesday 30 September 2014

Logical Bug in Humblebundle.com Bug # 2




POC - Got Valid Bug in Humblebundle.com




Introduction About me:

I am Abdul Haq Khokhar, an independent security researcher, and I have found a vulnerability in your website (Humblebundle). Here are the POC and details:
Website : http://humblebundle.com/
Bug : Change Anything through Contact Email in HumbleBundle

Steps to reproduce:

1) Contact contact@humblebundle.com to recover the account.
2) You will get a reply saying "for confirmation can you say send an email from your email account associated with your username", i.e. from victim@gmail.com.
3) Reply OK and use a spoofing service, made by you or a hacker, to send spoofed emails, for example https://emkei.cz/
4) Knowing the victim's email address, use it as the sender address of a spoofed email saying change "e.g.: as you want", or asking to change anything, recover any email, etc.
5) It will be done by the support staff.

By knowing the victim's email address you can change anyone's details.
Just a spoofed sender address is enough!

Countermeasure:

As a countermeasure, you must validate the email headers and use a proper email service provider like Gmail to filter these kinds of emails.

After 2 days I got a positive reply from the Humblebundle security team on Bugcrowd.com:




They also gave me 5 kudos for a better rank on Bugcrowd:

 




HumbleBundle Hall Of Fame [9th Position]: 

 



They are also providing swag

Swag is coming soon, I hope I will get it soon :)

Thanks for reading,
Regards,
Abdul Haq Khokhar
Independent Security Researcher
https://twitter.com/Abdulhaqkhokhar
https://bugcrowd.com/AbdulhaqKhokhar

Saturday 27 September 2014

Broken Authentication | Application security Session Token bug Bug #1


Broken Authentication – Session Token bug






About me and Suggestion:

Hi, this is Abdul Haq Khokhar. I am an independent security researcher. I read about this bug on a blog, and I've reported it to many websites and got positive replies such as rewards, swag and hall of fame. So what are you waiting for? Try this on any website, report it as a security researcher and start earning.


In this article I am sharing a logical bug, so let's start.

Bug : Broken Authentication – Session Token


Steps to Reproduce:

Step 1. Request a password reset for your account.
Step 2. Don’t use the password reset link that was sent to your email.
Step 3. Log in to your account. Remember, do not use the reset password link you requested in Step 1 yet.
Step 4. Change your password in the Account Settings. (In my research, I always change my password 5 to 8 times every testing session.)
Step 5. After you have changed your password inside your account, check the reset password link you requested in Step 1 in your email.
Step 6. Change your password using the reset password link you requested.

If the website you test has no issue, the token of the reset password link you requested will not work.
If the site has a token issue, the reset password token from Step 1 is still usable and has not expired. Not invalidating the reset password token after a password change is not good practice for a company.
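
One way a site can make the Step 1 token die when the password changes, shown beside the weak design the steps above detect. This is an added example, not code from the original post or from any tested site; all names (`issue_reset_token`, `redeem_reset_token`, the in-memory `users` table) are hypothetical, and SHA-256 stands in for a real salted password hash.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for the demo
TOKEN_TTL = 3600                      # assumed token lifetime in seconds
users = {}                            # constructed user table: name -> password hash

def pw_hash(password):
    # Stand-in for a salted password hash (argon2/bcrypt); keeps the demo stdlib-only.
    return hashlib.sha256(password.encode()).hexdigest()

def set_password(user, password):
    users[user] = pw_hash(password)

def token_mac(user, expires, bind_password):
    msg = f"{user}|{expires}"
    if bind_password:
        # Hardened form: the MAC covers the current password hash, so any
        # password change makes every outstanding reset token unverifiable.
        msg += "|" + users[user]
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_reset_token(user, bind_password=True, now=None):
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{user}|{expires}|{token_mac(user, expires, bind_password)}"

def redeem_reset_token(token, new_password, bind_password=True, now=None):
    try:
        user, expires, mac = token.split("|")
        expires = int(expires)
    except ValueError:
        return False                  # malformed token
    now = time.time() if now is None else now
    if user not in users or expires < now:
        return False                  # unknown user or expired link
    expected = token_mac(user, expires, bind_password)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                  # forged, or password changed since issue
    set_password(user, new_password)
    return True

if __name__ == "__main__":
    set_password("alice", "old-pass")
    weak = issue_reset_token("alice", bind_password=False)  # Step 1, weak design
    strong = issue_reset_token("alice")                     # Step 1, hardened design
    set_password("alice", "changed-in-settings")            # Step 4
    print("hardened token accepted:", redeem_reset_token(strong, "x1"))
    print("weak token accepted:", redeem_reset_token(weak, "x2", bind_password=False))
```

Because redeeming a token also changes the password hash, the hardened token is single-use as a side effect.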
