This is part 4 of the P4 bugs series; if you haven't read the previous parts, check them out first: Part 1, Part 2, Part 3
Hi everyone, I am socalledhacker. I am a security researcher, penetration tester, certified ethical hacker and a web3 noob. In past months, I have discovered lots of bugs, but in today's article we are going to discuss low hanging fruits, or P4 vulns, as they are very easy to find and are present in almost every website. So let's start with our first vulnerability.
1. Broken Link Hijacking
In this bug, a link on the target's site that points to a resource which no longer exists, and whose name an attacker can register for themselves, is considered a vulnerability. In simple words: a website lists the company's social media profiles. The company deletes its Twitter account, but the link on the web page still points to the old profile. Say the company's Twitter username was xxyyzz; once the account is deleted, that username becomes available again, and you as the attacker create a new Twitter account under the username xxyyzz.
Now when a visitor opens the company website and clicks the Twitter handle, they are redirected to the Twitter account you created under the username xxyyzz, which now carries the company's name.
Criteria: only broken links that are managed by the organization (placed on pages the organization controls) are accepted for this bug; a dead link on a third-party page the company does not control is out of scope.
Time for the PoC…
Description:- Broken link hijacking (BLH) is a web attack that exploits external links which are no longer valid. If your website or web application links to, or loads resources from, external URLs that no longer exist (for example a deleted social media account or an expired domain), an attacker can register the abandoned name and take over the link. Depending on what the link was used for, this allows defacement, impersonation, or even cross-site scripting when the dead resource was a script loaded from an expired domain.
Steps to reproduce:-
- Open https://www.website.com
- Click on the social media icons (Twitter / Facebook / Instagram, etc.)
- If the linked account no longer exists, the platform returns PAGE NOT FOUND or ACCOUNT NOT FOUND
- The attacker registers a new account under the company's old username, so the company's own website now links to the attacker's profile
Impact:-
An attacker can register the abandoned username on the social media platform and impersonate or misuse the company name, from a profile that the company's own website links to.
Automated link checkers can crawl a site and flag external links that return a 4xx status or whose domain no longer resolves; verify each hit by hand before reporting, because a 404 on a profile URL does not by itself prove the username can be registered (suspended, reserved or renamed accounts also return "not found").
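The check described in the steps above, as an added example that is not part of the original article: it extracts every external reference from a page (profile links, but also scripts and other resources), then classifies the ones whose host no longer resolves or which return an error. The social-platform list, the sample page, and the FAKE_DNS / FAKE_HTTP lookup tables are constructed for the example; the DNS and HTTP lookups are injected as functions so the script runs offline, and a real scanner would plug in socket.getaddrinfo and an HTTP client in their place.

```python
from __future__ import annotations

from html.parser import HTMLParser
from typing import Callable
from urllib.parse import urlparse

# Platforms where deleting or renaming an account can free the username for
# re-registration. Hypothetical list for this example; extend it as needed.
SOCIAL_HOSTS = {"twitter.com", "x.com", "facebook.com", "instagram.com",
                "linkedin.com", "youtube.com", "github.com", "medium.com"}


class ExternalRefExtractor(HTMLParser):
    """Collect every URL the page links to or loads from."""

    def __init__(self) -> None:
        super().__init__()
        self.refs: list[tuple[str, str]] = []      # (tag, url)

    def handle_starttag(self, tag: str, attrs) -> None:
        attributes = dict(attrs)
        if tag in ("a", "link"):
            url = attributes.get("href")
        elif tag in ("script", "img", "iframe"):
            url = attributes.get("src")
        else:
            url = None
        if url:
            self.refs.append((tag, url))


def normalise_host(url: str) -> str:
    """Host part of a URL, lower-cased, without a leading 'www.'."""
    host = urlparse(url).netloc.lower()
    return host[4:] if host.startswith("www.") else host


def social_handle(url: str) -> str | None:
    """Account name a social-media profile URL points at, or None for other hosts."""
    if normalise_host(url) not in SOCIAL_HOSTS:
        return None
    segments = [s for s in urlparse(url).path.split("/") if s]
    return segments[0] if segments else None


def find_broken_links(html: str, site_host: str,
                      resolves: Callable[[str], bool],
                      fetch_status: Callable[[str], int]) -> list[dict]:
    """Classify the external references on one page as candidate BLH findings."""
    parser = ExternalRefExtractor()
    parser.feed(html)
    findings: list[dict] = []
    for tag, url in parser.refs:
        if urlparse(url).scheme not in ("http", "https"):
            continue                                # relative links, mailto:, javascript:
        host = normalise_host(url)
        if host == site_host:
            continue                                # internal reference, not BLH
        if not resolves(host):
            # An expired domain can be re-registered; if the page loads a script
            # from it, the new owner gets JavaScript execution on the site (XSS).
            findings.append({"url": url, "tag": tag,
                             "severity": "high" if tag == "script" else "medium",
                             "issue": "host does not resolve; domain may be expired"})
            continue
        status = fetch_status(url)
        if status < 400:
            continue
        handle = social_handle(url)
        if handle and status == 404:
            findings.append({"url": url, "tag": tag, "severity": "medium",
                             "issue": f"profile '{handle}' not found; check whether "
                                      f"the username can be registered"})
        else:
            findings.append({"url": url, "tag": tag, "severity": "low",
                             "issue": f"external resource returns HTTP {status}"})
    return findings


# Constructed sample page and lookup tables standing in for DNS and HTTP answers.
SAMPLE_PAGE = """
<html><body>
<a href="/about">About</a>
<a href="https://twitter.com/xxyyzz">Twitter</a>
<a href="https://www.facebook.com/examplecorp">Facebook</a>
<a href="https://instagram.com/examplecorp_old">Instagram</a>
<script src="https://cdn.expired-partner.example/widget.js"></script>
<img src="https://www.website.com/logo.png">
</body></html>
"""
FAKE_DNS = {"twitter.com": True, "facebook.com": True, "instagram.com": True,
            "website.com": True, "cdn.expired-partner.example": False}
FAKE_HTTP = {"https://twitter.com/xxyyzz": 404,
             "https://www.facebook.com/examplecorp": 200,
             "https://instagram.com/examplecorp_old": 404}


def scan_sample() -> list[dict]:
    """Run the check over the constructed page with the fake DNS/HTTP answers."""
    return find_broken_links(SAMPLE_PAGE, "website.com",
                             resolves=lambda h: FAKE_DNS.get(h, False),
                             fetch_status=lambda u: FAKE_HTTP.get(u, 200))


if __name__ == "__main__":
    for f in scan_sample():
        print(f"[{f['severity']}] <{f['tag']}> {f['url']}: {f['issue']}")
```

The script reports the two dead profile links as candidates and the script loaded from the unresolvable domain as the highest-severity item, because whoever re-registers that domain gets script execution on the page. The profile hits still need a manual confirmation step: open the platform's sign-up flow and check that the username is actually offered, since a 404 is also what suspended or reserved names return.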
2. Clickjacking
I know you all know about this bug; if not, you can look it up on Google or in other articles.
But most bug bounty platforms list clickjacking on non-sensitive pages as out of scope, so if you want a bounty for it, demonstrate it on a page where a click performs a sensitive action (profile, account, settings, etc.). Use the exploit given below.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Testing Clickjacking</title>
</head>
<body>
<p>Checking if the page is vulnerable!</p>
<!-- Replace the src with the sensitive page under test (profile, account, settings).
     If the page renders inside this frame, it can be framed by a third-party site. -->
<iframe src="https://paste-your-url-here" height="700" width="1100" frameborder="0"></iframe>
</body>
</html>
Paste the URL of the page you want to test into the src of the iframe tag in this exploit. Now it's time to create the PoC…
Description:- Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
Steps to reproduce:-
- Open site.com and go to the profile/account/settings page
- Copy the page URL into the iframe src of the clickjacking exploit and save the file
- Open the file in a browser: if the target page renders inside the attacker's iframe, the response carries no X-Frame-Options header and no Content-Security-Policy frame-ancestors directive, and the page is vulnerable to clickjacking
- The attacker overlays a decoy page on the (transparent) frame so that a logged-in victim performs the sensitive action without realising it
Impact:-
An attacker can trick a logged-in user into performing a sensitive action on the framed page (changing an e-mail address, disabling a security setting, deleting the account) by making the user click on what looks like a harmless button on the attacker's page. Using a similar technique, keystrokes can also be hijacked: with a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.
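Before opening the HTML exploit it is worth reading the target's response headers, because they decide the outcome: a page is frameable by another origin only when it sends neither X-Frame-Options nor a Content-Security-Policy frame-ancestors directive that excludes that origin. The following checker is an added example and not part of the original article; it evaluates a set of response headers against a page URL and the attacker's framing URL the way current browsers do (frame-ancestors wins over X-Frame-Options when both are present; ALLOW-FROM and other unrecognised X-Frame-Options values are ignored). The header sets in EXAMPLES and the target.example / attacker.example URLs are constructed for the example, not captured from any site.

```python
from __future__ import annotations

from urllib.parse import urlparse


def _origin(url: str) -> tuple[str, str]:
    """(scheme, host[:port]) of a URL, lower-cased; ports are compared literally."""
    p = urlparse(url)
    return p.scheme.lower(), p.netloc.lower()


def _header(headers: dict, name: str) -> str | None:
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _source_matches(source: str, framer_url: str, page_url: str) -> bool:
    """Match one frame-ancestors source expression against the framing page's origin."""
    f_scheme, f_host = _origin(framer_url)
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(framer_url) == _origin(page_url)
    if source == "*":
        return True
    if source.endswith(":"):                       # scheme-source such as "https:"
        return f_scheme == source[:-1].lower()
    if "://" in source:                            # host-source with explicit scheme
        src_scheme, src_host = source.split("://", 1)
        if src_scheme.lower() != f_scheme:
            return False
    else:
        src_host = source
    src_host = src_host.split("/", 1)[0].lower()
    if src_host.startswith("*."):                  # wildcard matches subdomains only
        return f_host.endswith(src_host[1:])
    return f_host == src_host


def frame_ancestors_sources(headers: dict) -> list[str] | None:
    """Source list of the CSP frame-ancestors directive, or None when it is absent."""
    csp = _header(headers, "Content-Security-Policy")
    if csp is None:
        return None
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:] or ["'none'"]        # an empty source list matches nothing
    return None


def is_frameable(headers: dict, page_url: str, framer_url: str) -> tuple[bool, str]:
    """Would page_url, served with these response headers, load in a frame on framer_url?"""
    sources = frame_ancestors_sources(headers)
    if sources is not None:
        # When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
        allowed = any(_source_matches(s, framer_url, page_url) for s in sources)
        return allowed, "CSP frame-ancestors " + " ".join(sources)
    xfo = _header(headers, "X-Frame-Options")
    if xfo is None:
        return True, "no X-Frame-Options and no frame-ancestors: any site may frame this page"
    value = xfo.strip().upper()
    if value == "DENY":
        return False, "X-Frame-Options: DENY"
    if value == "SAMEORIGIN":
        return _origin(page_url) == _origin(framer_url), "X-Frame-Options: SAMEORIGIN"
    # ALLOW-FROM was never supported by Chrome and was dropped by Firefox; an
    # unrecognised value is ignored by the browser, which leaves the page frameable.
    return True, f"X-Frame-Options value {xfo!r} is not honoured by current browsers"


# Constructed header sets standing in for real responses (not captured from any site).
EXAMPLES = {
    "no protection": {},
    "deny": {"X-Frame-Options": "DENY"},
    "sameorigin": {"x-frame-options": "sameorigin"},
    "csp partner allow-list": {"Content-Security-Policy":
                               "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
    "csp beats xfo": {"X-Frame-Options": "ALLOWALL",
                      "Content-Security-Policy": "frame-ancestors 'none'"},
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}

if __name__ == "__main__":
    page = "https://target.example/account/settings"
    for label, headers in EXAMPLES.items():
        frameable, why = is_frameable(headers, page, "https://attacker.example/poc.html")
        print(f"{label:24} frameable={frameable!s:5} ({why})")
```

To feed it real headers, fetch them with something like `curl -sI https://target.example/account/settings` and look at the X-Frame-Options and Content-Security-Policy lines; the "csp beats xfo" case shows why checking only X-Frame-Options gives a false positive, and the "obsolete allow-from" case shows why a present header is not always a fix. The remediation the report should recommend is `Content-Security-Policy: frame-ancestors 'none'` (or an explicit allow-list) plus `X-Frame-Options: DENY` for older browsers.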
That's it for this article. I will publish more articles on web2 bugs covering everything from P4 to P1 in the near future, so stay tuned … 🙂
Buy Me a Coffee : https://buymeacoffee.com/socalledhacker
Follow Me On :