Untitled

mail@pastecode.io avatar
unknown
plain_text
a year ago
1.7 kB
2
Indexable
Never
Intro:
	-I'm Kenn, the Junior L3
	-I've been assigned on checking on the 2 vulnerabilities for the API Developer Sandbox
	-So a short recap on the 2 issues
	-Try it out:	so by intercepting the HTTP request, edit it by decoding, adding the special characters +&@ re-encode it and forward it 
					attackers can exploit the ports which are open for the IP
	-Message Us:	by intercepting the HTTP request, editing the "TO" section and changing the identifier code can change the receiver of the email
	
Try it out:
	- After following the replication steps, I've managed to replicate the vulnerability
	- Used Burp Suite to intercept the HTTP request, edited the request with the encoded IPs with the +&@ symbol
	- Intercepted the response and got the 301 Moved Permanently with a body of contents
	- Tried with the different special characters, wheverever that contains xxx@ then there's still body content

- Suggested Fix:
	Validate the URL using regular expression which disallow the special character @ in it
	
Message Us:
	- After following the replication steps, managed to replicate the vulnerability
	- Used Burp Suite to intercept the HTTP request, edited the request where the code 836 under the "to" section is replaced by 944
	- Couldn't verify if the owner email did receive the email or not
	- But what I found out is that the code should be 836, tried logging into different accounts all showing 836

- Suggested Fix:
	Validate that the identifier code must be 836 only OR remove the whole "TO" section
	
Next Steps:
	-Get code access so that we can play around and apply the hypothesis and see if it could work in the SIT Environment