
P4 bugs and their POC steps | Part 8

This is part 8 of the P4 bugs series; if you haven’t read the previous parts, check them out: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7.

Bugs

Hi everyone, I am socalledhacker, a security researcher, penetration tester, certified ethical hacker and a web3 noob. In the past months I have discovered lots of bugs, but in today’s article we are going to discuss low-hanging fruit, the P4 vulnerabilities, because they are very easy to find and are present on almost every website. So let’s start with our first vulnerability.

This bug is considered P4, but depending on its impact it can sometimes be rated as a P3 vulnerability.

Let’s dive into the details: what this bug is and how to find it.

Almost every website has an image upload feature, whether for a profile picture or some other kind of upload. If the website or web server does not strip the EXIF metadata from an image uploaded by the user, that is a bug (P4). There are two conditions here: if the image is visible to more than one person, it is a P4 called Exif Geolocation Manual Enumeration. If the image is visible publicly, for example an Instagram profile picture that everyone can see, or a picture uploaded by a developer and visible to all, then the impact of the vulnerability is considered P3 (Exif Geolocation Automatic Enumeration).

How to check the metadata of an image: go to https://jimpl.com/ and paste the picture or its URL.

As always: POC time…. 🙂


Description:- When a user uploads an image to example.com, the uploaded image’s EXIF geolocation data is not stripped. As a result, anyone can obtain sensitive information about example.com users, such as their geolocation and their device information (device name, version, software and software version used, etc.).

Steps to reproduce:-

1. Visit example.com
2. Go to the Upload option on the website
3. Upload the image with EXIF metadata.
4. Right click on the image and download it.
5. Visit https://jimpl.com
6. Upload the downloaded image and check for sensitive data.

Impact:- This vulnerability is CRITICAL and impacts the entire example.com customer base. It violates the privacy of users and discloses sensitive information about any user who uploads an image on example.com or any of the example.com instances.
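As an added defender-side example (not code from the original post), here is a pure-Python check a server can run on an uploaded JPEG: it walks the JPEG marker segments, looks inside the APP1/Exif block for the standard GPSInfo pointer tag (0x8825) in IFD0, and strips the APP1 segment so the file served back carries no EXIF at all. The sample JPEG is constructed inline; the parser assumes JPEG input and only inspects IFD0.

```python
import struct

SOI, APP0, APP1, SOS, EOI = 0xFFD8, 0xFFE0, 0xFFE1, 0xFFDA, 0xFFD9
GPS_IFD_TAG = 0x8825  # standard Exif tag: pointer to the GPS sub-IFD

def _segments(data: bytes):
    """Yield (marker, start, end) for each header segment up to the scan data."""
    pos = 2  # skip SOI
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker in (SOS, EOI) or marker >> 8 != 0xFF:
            break
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def exif_has_gps(data: bytes) -> bool:
    """True if the APP1/Exif block's IFD0 carries a GPSInfo pointer."""
    for marker, start, end in _segments(data):
        if marker != APP1 or data[start + 4:start + 10] != b"Exif\x00\x00":
            continue
        tiff = data[start + 10:end]
        e = ">" if tiff[:2] == b"MM" else "<"  # TIFF byte order
        ifd0 = struct.unpack(e + "I", tiff[4:8])[0]
        n = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])[0]
        for i in range(n):
            off = ifd0 + 2 + 12 * i
            if struct.unpack(e + "H", tiff[off:off + 2])[0] == GPS_IFD_TAG:
                return True
    return False

def strip_exif(data: bytes) -> bytes:
    """Drop every APP1 segment (where Exif lives); keep other segments and the scan."""
    out, pos = bytearray(data[:2]), 2
    for marker, start, end in _segments(data):
        if marker != APP1:
            out += data[start:end]
        pos = end
    return bytes(out + data[pos:])

def sample_jpeg() -> bytes:
    """Constructed minimal JPEG: SOI, JFIF APP0, Exif APP1 with GPS pointer, SOS, EOI."""
    ifd0 = struct.pack(">H", 1) + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26) + b"\0\0\0\0"
    tiff = b"MM" + struct.pack(">HI", 42, 8) + ifd0 + struct.pack(">H", 0)  # GPS IFD at 26
    app1 = b"Exif\x00\x00" + tiff
    return (struct.pack(">H", SOI)
            + struct.pack(">HH", APP0, 7) + b"JFIF\x00"
            + struct.pack(">HH", APP1, len(app1) + 2) + app1
            + struct.pack(">HH", SOS, 2) + struct.pack(">H", EOI))
```

Run `exif_has_gps` on the raw upload to flag it, and store only the output of `strip_exif`; real uploads should additionally be re-encoded through an image library so non-JPEG formats and other metadata blocks are covered too.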

Another simple vulnerability is one in which the website fails to invalidate the user’s session even after they log out.

To find this vulnerability, first log in to your account in two different tabs of the same browser. Then log out from one tab. If your account is automatically logged out in the second tab as well, it is not a bug. But if the session still persists in the other tab after you log out from the first one, try to change some data in the account; if the update succeeds, it is a bug.

Criteria: Bugcrowd does not consider this vulnerability a P4.

Let’s create POC 🙂

Description:- The application fails to invalidate a user’s session on logout, leaving the account vulnerable to session hijacking. An attacker who compromises a user’s session may then be able to change the account password and lock out the legitimate user.

Steps to reproduce:-

  1. Go to the URL – example.com
  2. Open the same account on two different tabs on the same browser – Browser A
  3. Click on the Logout from one tab – TAB A
  4. Once the session is terminated, go to the second tab (TAB B) and update some data and save it
  5. Post changing the data, click on the refresh button.
  6. The data will be updated.

Impact:- This vulnerability can lead to reputational damage and indirect financial loss for the company, as customers may view the application as insecure because the session remains active after logout.

That’s it for this article. I will upload more articles on web2 bugs, covering everything from P4 to P1, in the near future, so stay tuned… 🙂

Buy Me a Coffee : https://buymeacoffee.com/socalledhacker
