Tuesday 30 September 2014

Logical Bug in Humblebundle.com Bug # 2
POC - Got Valid Bug in Humblebundle.com
Introduction / About me:

I am Abdul Haq Khokhar, an independent security researcher, and I have found a vulnerability in your website (Humblebundle). The POC and details are below:
Website : http://humblebundle.com/
Bug : Change anything through the contact email in HumbleBundle

Steps to reproduce:

1) Contact contact@humblebundle.com to recover the account.
2) You will get a reply saying "for confirmation, can you send an email from the email account associated with your username", i.e. from victim@gmail.com.
3) Reply "ok" and use a spoofing service (made by you or by a hacker) to send spoofed emails, for example https://emkei.cz/.
4) Knowing the victim's email address, use it as the sender address of a spoofed email saying "change <whatever you want>", or changing anything else, recovering any email, etc.
5) It will be done by the support staff.

By knowing the victim's email address you can change anyone's details.
A spoofed sender email address is enough!

Countermeasure:

You must validate the email headers, and you must use a proper email service provider like Gmail that filters these kinds of emails.
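As an added example (not from the original post or from Humble Bundle), the kind of header validation this countermeasure calls for: a Python check that trusts a confirmation mail's From: address only when the receiving mail server's own Authentication-Results header records an SPF or DKIM pass aligned with the From: domain. The authserv-id mx.example.net and the three sample mails are assumptions constructed for the example.

```python
# Added example (not code from the original post): header check a support desk
# could run on an inbound "confirm from your own address" mail before trusting
# its From: line. Trust only if the receiving MX recorded an SPF or DKIM pass
# (Authentication-Results, RFC 8601) for a domain aligned with the From: domain,
# the DMARC alignment rule. The authserv-id and sample mails are constructed.
import re
from email import message_from_string
from email.utils import parseaddr

# authserv-id our own MX writes (constructed). Headers with any other id may
# have been added by the sender and are ignored: forging them is as cheap as
# forging From:.
TRUSTED_AUTHSERV_ID = "mx.example.net"
AUTH_PASS = re.compile(r"\b(spf|dkim)=pass\b[^;]*?(?:smtp\.mailfrom|header\.d)=([^\s;]+)")

def from_domain(raw_message):
    """Domain of the RFC 5322 From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower()

def aligned(auth_domain, from_dom):
    """Relaxed alignment: equal domains, or one is a subdomain of the other."""
    a = auth_domain.lower()
    return a == from_dom or a.endswith("." + from_dom) or from_dom.endswith("." + a)

def sender_is_verified(raw_message):
    """True only if our MX recorded an aligned SPF or DKIM pass for this mail."""
    msg = message_from_string(raw_message)
    from_dom = from_domain(raw_message)
    if not from_dom:
        return False
    for results in msg.get_all("Authentication-Results") or []:
        authserv, _, verdicts = results.partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # not written by our MX: untrusted, skip
        for _method, domain in AUTH_PASS.findall(verdicts):
            if aligned(domain.rpartition("@")[2], from_dom):  # drop any local part
                return True
    return False
# Constructed samples: SPF-failed spoof, forged Authentication-Results, genuine mail.
SPOOFED = ("From: victim@gmail.com\nTo: contact@humblebundle.com\nAuthentication-Results: "
           "mx.example.net; spf=fail smtp.mailfrom=relay.example; dkim=none\n\nok, change it\n")
FORGED_AUTH = ("From: victim@gmail.com\nAuthentication-Results: attacker.example; "
               "spf=pass smtp.mailfrom=victim@gmail.com\n\nok, change it\n")
GENUINE = ("From: victim@gmail.com\nAuthentication-Results: mx.example.net; spf=pass "
           "smtp.mailfrom=victim@gmail.com; dkim=pass header.d=gmail.com\n\nyes, it is me\n")

if __name__ == "__main__":
    for name, mail in [("spoofed", SPOOFED), ("forged auth", FORGED_AUTH), ("genuine", GENUINE)]:
        print(f"{name:12s} -> {'trust' if sender_is_verified(mail) else 'reject'}")
```

Only the spoofed mail's failed SPF result and the sender-supplied Authentication-Results header are rejected; a pass recorded by any MX other than our own is never trusted.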

After 2 days I got a positive reply from the Humblebundle security team on Bugcrowd.com:

They also gave me 5 kudos for a better rank on BugCrowd:

HumbleBundle Hall of Fame [9th position]:

They are also providing swag.

The swag is coming soon; I hope I will get it soon :)

Thanks for Reading ,
Regards,
Abdul Haq Khokhar
Independent Security Researcher
https://twitter.com/Abdulhaqkhokhar
https://bugcrowd.com/AbdulhaqKhokhar
