P4 bug’s and their POC steps | Part 5

This is part 5 of P4 bug’s if you haven’t check previous part then check it out. Part 1 , Part 2, Part 3, Part 4

Hi everyone, I am socalledhacker, i am a security researcher , penetration tester, certified ethical hacker and a web3 noob. In past months, I have discover lots of bugs but in today’s article we are going to discuss about low hanging fruits or P4 vuln’s as they are very easy to find and also present in almost every website. So let’s start with our first vulnerability.

1. Delete Account Without Password

This bug is very easy as we can understand it by it’s name. So, when we delete our account form a website and it asks password of the account but in some website when we click on delete account, our account is directly deleted without password then it is considered as a bug.

Now, I think you found this bug so time to create it’s report…

Description:- The removal of an account is one of the sensitive parts of a web application that needs to protect, therefore deleting an account should validate the authenticity of the user.

Steps to reproduce:-

1. Visit the website and login into your account.
2. Go to the profile/settings section.
3. A delete account button will be displayed.
4. Click on delete button and your account is successfully deleted.

Impact:-

The target doesn’t verify the request with a Valid OTP or password before triggering Right to Access/Deletion & allows an attacker to delete User Accounts without user interaction.

2. SPF and DMARC Record

Don’t you dare to ask me what is SPF and DMARC record is you can easily found this on google or on other articles.

So, let’s talk about the bug here, we usually found company email on their website and if the SPF and DMARC record is not published for their mail id then it’s vulnerable to email spoofing attacks.

How to check if SPF and DMARC record is published or not? Check it here

SPF record — https://www.kitterman.com/spf/validate.html

DMARC record — https://mxtoolbox.com/

Criteria: These bugs may be out of scope on platform so read full scope before submitting.

Time to create report….

For SPF….

Description:- The Sender Policy Framework (SPF) is an email authentication protocol and part of email cybersecurity used to stop phishing attacks.

Steps to reproduce:-

1. Visit — https://www.kitterman.com/spf/validate.html
2. Enter the domain name — target.com and hit get SPF Record
3. The domain name will show No valid SPF record found

Impact:-

Spammers can forge the “From” address on email messages to make messages appear to come from someone in your domain. If spammers use your domain to send spam or junk email, your domain quality is negatively affected. People who get the forged emails can mark them as spam or junk, which can impact authentic messages sent from your domain.

For DMARC…

Description:- DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.

Steps to reproduce:-

1. Visit — https://mxtoolbox.com
2. Enter the domain name — target.com and hit go
3. The domain name will show No DMARC Record found

Impact:-

Spammers can forge the “From” address on email messages to make messages appear to come from someone in your domain. If spammers use your domain to send spam or junk email, your domain quality is negatively affected. People who get the forged emails can mark them as spam or junk, which can impact authentic messages sent from your domain.

That’s it for this article I will upload more articles related to web2 bugs covering all p4 to p1 bugs in near future so stay tuned … 🙂

Buy Me a Coffee : https://buymeacoffee.com/socalledhacker

Follow Me On :

• LinkedIn
• Medium
• X
• GitHub