How I hacked into Multifactor Authentication to find an IDOR Vulnerability
The IDOR that turned me upside down!!!
Okay guys, after being through so many programs which offer a bug bounty / which do not offer any bug bounty, I have finally decided to DISCLOSE some of my favorite explorations of my exploitations.
To those who don't know much about me, I would like to say that I am from Odisha and I love bug hunting, especially in web applications. I have been recognized by many multinational companies for reporting web application vulnerabilities to strengthen their security.
So on a fine day, I was struggling to get myself familiar with the term IDOR, which actually stands for Insecure Direct Object Reference. I was searching through many websites, I was going through many videos on YOUTHOOB (liked the word from CarryMinati), and I could see that one video properly made me understand the basic concept of IDOR. Then I learnt that if the permissions are not properly set on an object and we access it through a direct reference, then the web application directly shares/provides access to the resource.
After becoming aware of the concept, I went to a site which is actually a helpdesk portal (which is common): click on me dude!!! I know you want me
So on this website, I was searching for minor bugs like XSS / CSRF, of which I indeed found some, but I was more keenly looking for an IDOR... So I reported a few bugs like XSS issues / a CSRF issue letting one add a privileged user to the account (which is account takeover, but via user interaction). When I reported them, they replied that they were interested in paying a bounty if I could find more critical bugs (don't know why these days security teams are not considering CSRF attacks as one of the critical bugs). So, while searching for a few more bugs in the hope that I would get a good amount of bounty, I went through all the functionality available in the "settings" page of my account. Meanwhile my previously reported bugs were patched in a day, and I tried to bypass the security implementation but I failed (which is a very good thing for the company, that no intruder can attack what I had reported earlier :p). After some time hunting on the site, I was about to get demoralized that everything was in shape and no further security risks were left in the site (which means no bounty :(( ). Then I suddenly saw that in the Multifactor Authentication module there is a "userid=" in the address bar.
Oh!!!! Wtf bro WTF!!!!! And I was like, please....
Let it be my first IDOR......., let me have the honor to see a real-life exploitation of an IDOR bug.
Then I created another account and went to the Multifactor Authentication module, where I found the user id of my second account. So the first thing that came into my mind was that I had to write something in the 2nd account and then interchange the user id with my 1st account; if the IDOR bug existed, then I would see the content of my 2nd account in my 1st account.
So the next thing I did was quickly write something like "Your account is hacked" (don't remember exactly, watch the video), then interchange the user id of the 1st account with the 2nd and hit enter.
I was like, Dude, here comes the best day of your life 😊 ...........
So what it did was turn me upside down.... lol, no use of Burp, nothing, just interchanging the user id provided me with account access. So that day I realized something could really be as simple as what I found.... We don't always need to dig deep into the pile to find everything; many times it will be right in front of our eyes but we refuse to see it....
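To show what the "userid=" swap described above looks like from the server side, here is an added example (not code from the original post or from the helpdesk portal): a toy handler for an MFA-settings page that trusts the caller-supplied userid, beside the fixed version that derives the object from the authenticated session and rejects a mismatch. The user ids, owners and settings are constructed sample data.

```python
from typing import Optional

# Constructed sample data: per-user MFA settings, keyed by user id (hypothetical).
MFA_SETTINGS = {
    101: {"owner": "alice", "mfa_enabled": True, "note": "work phone"},
    202: {"owner": "bob", "mfa_enabled": False, "note": "Your account is hacked"},
}


def _parse_userid(value) -> Optional[int]:
    """Return the userid as an int, or None if it is missing or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def mfa_settings_vulnerable(session_user_id: int, query: dict) -> Optional[dict]:
    """IDOR: the record returned is chosen by the 'userid' query parameter and is
    never compared to the logged-in user, so swapping the id reads another account."""
    target = _parse_userid(query.get("userid"))
    if target is None:
        target = session_user_id
    return MFA_SETTINGS.get(target)


def mfa_settings_fixed(session_user_id: int, query: dict) -> Optional[dict]:
    """Authorization check: the readable object is always the session user's own
    record, and a 'userid' that names anyone else is denied rather than honoured."""
    requested = query.get("userid")
    if requested is not None and _parse_userid(requested) != session_user_id:
        # Surface the mismatch for logging/alerting: repeated denials on this
        # endpoint are a cheap detection signal for IDOR probing.
        print(f"authz denied: session user {session_user_id} requested userid={requested!r}")
        return None
    return MFA_SETTINGS.get(session_user_id)


if __name__ == "__main__":
    # Session belongs to user 101, but the request names user 202.
    swapped = {"userid": "202"}
    print("vulnerable:", mfa_settings_vulnerable(101, swapped))  # bob's record leaks
    print("fixed:", mfa_settings_fixed(101, swapped))            # None
```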
So below is the POC for the finding...
Hope you guys enjoyed it..... Will be waiting for your feedback......
STATUS: FIXED
Bounty: $$$
Note: Due to the high volume of reports from my friends, the site has stopped paying bounties any more.