
P4 bugs and their POC steps | Part 2

This is part 2 of the P4 bugs series; if you haven’t checked part one, check it out first. Click Here…

Hi everyone, I am socalledhacker, a security researcher, penetration tester, certified ethical hacker and a web3 noob. In the past months I have discovered lots of bugs, but in today’s article we are going to discuss low-hanging fruits, or P4 vulns, since they are very easy to find and present in almost every website. So let’s start with our first vulnerability.

So first of all, what is Cache-Control and how does it work? Fu*k it, who cares; this article is not about the what, it is about how we can find it on a real website. If you are curious about what Cache-Control is, check this out.

How to find it: On the website, first log in, then go to a sensitive page like profile, password change, etc., and log out directly from that page. After logging out, press the back button in the browser; if that sensitive page opens without asking for credentials, it’s a bug.

One more thing: if, after pressing the back button, the sensitive page opens directly and you can also edit data on that page, then it’s a P3.

It’s POC time..

Description:- The Cache-Control and Pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.

Steps to reproduce:-

  1. Open the URL https://example.com in your browser
  2. Log in using the desired credentials
  3. Open any sensitive page (account / settings / profile)
  4. Click on the sign-out button
  5. Press the back button of the browser
  6. The user’s sensitive information will be visible on the page

Impact:-

When sensitive data is stored and transmitted by an application that does not set the `Cache-Control` header, an advanced attacker can access the sensitive data, phish users and cause reputational damage to the business.

If a domain doesn’t have an SSL certificate, the certificate has expired, or the HSTS header is not present, and the site is running on HTTP and is dynamic, then it’s a P4.

Condition: Only self-hosted programs will accept this bug.

Oh, you found this bug? Then it’s time to make the POC.

Description:-

The website is not fully protected by an SSL certificate. This could allow an attacker in a Man-in-the-Middle position to obtain usernames and passwords of users visiting the site.

Steps to reproduce:-

  1. Copy the URL http://example.com
  2. Paste it in a new tab and add an ‘s’ to make it https://
  3. If it does not open over HTTPS, it is vulnerable

Impact:-

If a user were to visit this page from a public or shared network (e.g. office, airport, library) and log into an account, a malicious user on the same network would be able to obtain that user’s username and password by conducting a Man-in-the-Middle attack using Wireshark. This would give the malicious user complete access to the user’s account.
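As an added example (not from the original post), here is a small Python check that covers both findings in this article: given the response headers of a logged-in sensitive page, it parses Cache-Control, Pragma and Strict-Transport-Security and reports the weaknesses described above. The two sample responses are constructed, not captured from any real site; in practice you would feed it the headers shown in the browser’s developer tools or a proxy.

```python
from typing import Dict, List

# Constructed sample responses (not captured from any real site): the weak
# configuration described in the article next to a hardened one.
WEAK_RESPONSE = {
    "scheme": "http",
    "headers": {"Content-Type": "text/html", "Expires": "Thu, 01 Jan 1970 00:00:00 GMT"},
}
HARDENED_RESPONSE = {
    "scheme": "https",
    "headers": {
        "Cache-Control": "no-store, no-cache, must-revalidate, private",
        "Pragma": "no-cache",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    },
}

def parse_directives(value: str, sep: str) -> Dict[str, str]:
    """Split 'no-store, max-age=0' (sep ',') or 'max-age=3; includeSubDomains' (sep ';')
    into a lower-cased {name: argument} dict; bare directives get an empty argument."""
    out: Dict[str, str] = {}
    for part in value.split(sep):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip().strip('"')
    return out

def check_sensitive_page(response: dict) -> List[str]:
    """Return the article's two P4 findings for one response to a logged-in sensitive page."""
    headers = {k.lower(): v for k, v in response["headers"].items()}
    findings: List[str] = []
    # Finding 1 (cache control): without no-store the browser may keep a copy
    # that the back button shows after logout; Pragma covers HTTP/1.0 caches.
    cc = parse_directives(headers.get("cache-control", ""), ",")
    if not cc:
        findings.append("Cache-Control header missing")
    elif "no-store" not in cc:
        findings.append("Cache-Control present but lacks no-store")
    if "no-cache" not in parse_directives(headers.get("pragma", ""), ","):
        findings.append("Pragma: no-cache missing")
    # Finding 2 (transport): plain HTTP and/or no usable HSTS policy.
    if response["scheme"] != "https":
        findings.append("page served over plain HTTP")
    hsts = parse_directives(headers.get("strict-transport-security", ""), ";")
    if "max-age" not in hsts:
        findings.append("Strict-Transport-Security header missing")
    elif not hsts["max-age"].isdigit() or int(hsts["max-age"]) == 0:
        findings.append("HSTS max-age is zero or invalid, so the policy is not enforced")
    return findings
```

The fix on the server side is the hardened header set shown in `HARDENED_RESPONSE`: `Cache-Control: no-store` on every authenticated page and HSTS on the whole site, so the check returns an empty list.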

That’s it for this article. I will upload more articles on web2 bugs, covering everything from P4 to P1, in the near future, so stay tuned … 🙂

Buy Me a Coffee : https://buymeacoffee.com/socalledhacker
