
P4 bugs and their PoC steps | Part 6

This is part 6 of P4 bugs. If you haven’t checked the previous parts, check them out: Part 1, Part 2, Part 3, Part 4, Part 5


Hi everyone, I am socalledhacker. I am a security researcher, penetration tester, certified ethical hacker and a web3 noob. In the past months I have discovered lots of bugs, but in today’s article we are going to discuss low-hanging fruits, or P4 vulns, as they are very easy to find and are present in almost every website. So let’s start with our first vulnerability.

This bug is simple: on any auth page, when we make changes in the URL and they get reflected on the client side, then it’s a bug. For example, there is a URL like https://example.com/login.php?error=access-denied and you change this error to example.com/login.php?error=you%20are%20hacked; if that text shows up on the page, then it’s a P4.

So, I think you got the point. Great, it’s time to make the PoC.

Description:- Content Spoofing allows the end user of the vulnerable web application to spoof or modify the actual content on the web page. This presents the user with a modified page under the context of the trusted domain. This attack is typically used as, or in conjunction with, social engineering because the attack is exploiting a code-based vulnerability and a user’s trust.

Steps to reproduce:-

  1. Go to example.com
  2. Then just change the above URL like this: https://example.com/wp-login.php?error=access_denied to https://example.com/wp-login.php?error=you%20are%20hacked
  3. Press Enter and the message gets reflected on the page.

Impact:- The website is rendering the URL data on the client side, which can help trick the user into entering their data elsewhere.
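To make the root cause concrete, here is an added example (not code from the original post or from WordPress): a hypothetical server-side handler that stands in for the `login.php?error=...` page. The vulnerable version reflects the raw parameter into the page; the fixed version treats the parameter as an opaque code and looks the message up in a server-side allowlist, so the URL can no longer change what the user reads. The error codes and messages are constructed for the example.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist: the only error codes the page knows how to explain.
ERROR_MESSAGES = {
    "access_denied": "Access denied. Please check your username and password.",
    "session_expired": "Your session has expired. Please sign in again.",
}
DEFAULT_MESSAGE = "Login failed. Please try again."


def error_param(url: str) -> str:
    """Return the decoded value of the `error` query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query)
    return query.get("error", [""])[0]


def render_login_error_vulnerable(url: str) -> str:
    """Reflects attacker-controlled text into the page under the trusted domain.

    HTML-escaping blocks script injection, but it does nothing against content
    spoofing: whatever phrase is in the URL is still shown as the site's own words.
    """
    return f"<p class='error'>{escape(error_param(url))}</p>"


def render_login_error_fixed(url: str) -> str:
    """Maps the parameter to a server-side message; unknown codes get a fixed fallback."""
    code = error_param(url)
    message = ERROR_MESSAGES.get(code, DEFAULT_MESSAGE)
    return f"<p class='error'>{escape(message)}</p>"


def is_spoofable(render, url: str, injected: str) -> bool:
    """The check behind the post's PoC: does the injected phrase survive into the page?"""
    return injected in render(url)


if __name__ == "__main__":
    probe = "https://example.com/wp-login.php?error=you%20are%20hacked"
    print("vulnerable:", render_login_error_vulnerable(probe))
    print("fixed:     ", render_login_error_fixed(probe))
```

When triaging, the same `is_spoofable` check applied to a page that reflects only allowlisted codes returns False, which is what separates a real finding from a page that merely accepts an `error` parameter.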

To test this bug, first of all open two browsers, or one browser plus an incognito tab, so that no cookie exchange happens between them. Then log in to your account in both tabs/browsers using the same account. Now change or reset your account password and check the second browser/tab: if the second tab/browser gets logged out then it’s not a bug, but if you are still logged in to your account after the password reset/change, it means the site’s session is not terminated after a password reset or change, and it’s a P4 bug.

Great, you got another P4 bug, let’s make the PoC…

Description:- Failure to invalidate a session after a password change is a vulnerability which allows an attacker to maintain access on a service. Most users have the expectation that when they reset their password, no one else can access their account.

Steps to reproduce:-

  1. Create an account on https://site.com
  2. Log in using the credentials in 2 browsers
  3. Open the profile/settings.
  4. Go to Change password and change the password in Browser 1
  5. Visit Browser 2 and edit the profile data (name/contact no/profile picture) and click on save.
  6. Refresh the page once and the data will be changed

Impact:- This vulnerability can lead to reputational damage and indirect financial loss to the company as customers may view the application as insecure.
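The two-browser check above can be modelled end to end. The following is an added example (hypothetical illustration code, not any real site's implementation): an in-memory session store where a flag switches between the buggy behaviour the post describes and the usual fix, which revokes every other session of the user on password change and rotates the current one. `reproduce_post_steps` mirrors steps 2 to 6 of the PoC and returns True when browser 2 still has a live session after browser 1 changed the password. Usernames and passwords are constructed; a real store would hash passwords.

```python
import secrets


class SessionStore:
    """Toy server: passwords and sessions held in memory (constructed example)."""

    def __init__(self, invalidate_on_password_change: bool = True):
        self.invalidate_on_password_change = invalidate_on_password_change
        self._passwords = {}   # username -> password (plain text only for the demo)
        self._sessions = {}    # session id -> username

    def register(self, user: str, password: str) -> None:
        self._passwords[user] = password

    def login(self, user: str, password: str):
        """Return a fresh session id (the browser's cookie) on correct credentials, else None."""
        if self._passwords.get(user) != password:
            return None
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = user
        return sid

    def is_logged_in(self, sid) -> bool:
        return sid in self._sessions

    def change_password(self, sid, new_password: str):
        """Change the password of the session's user and return the session id to keep using.

        Buggy mode: the password changes but every existing session stays valid.
        Fixed mode: all sessions of the user are revoked and the caller gets a new id.
        """
        user = self._sessions.get(sid)
        if user is None:
            raise PermissionError("not logged in")
        self._passwords[user] = new_password
        if not self.invalidate_on_password_change:
            return sid  # the bug from the post: old sessions keep working
        for other_sid, owner in list(self._sessions.items()):
            if owner == user:
                del self._sessions[other_sid]
        new_sid = secrets.token_urlsafe(16)
        self._sessions[new_sid] = user
        return new_sid


def reproduce_post_steps(store: SessionStore) -> bool:
    """Steps 2-6 of the PoC: two browsers, change password in browser 1, probe browser 2.

    Returns True if browser 2 can still act on the account, i.e. the bug is present.
    """
    store.register("alice", "old-pass")
    browser1 = store.login("alice", "old-pass")
    browser2 = store.login("alice", "old-pass")
    store.change_password(browser1, "new-pass")
    return store.is_logged_in(browser2)


if __name__ == "__main__":
    print("buggy site, browser 2 still logged in:",
          reproduce_post_steps(SessionStore(invalidate_on_password_change=False)))
    print("fixed site, browser 2 still logged in:",
          reproduce_post_steps(SessionStore(invalidate_on_password_change=True)))
```

The fix revokes by user rather than by session id, which is the part sites most often miss: deleting only the caller's cookie would still leave browser 2 (or an attacker holding an older session) logged in.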

That’s it for this article. I will upload more articles related to web2 bugs, covering all P4 to P1 bugs, in the near future, so stay tuned … 🙂

Buy Me a Coffee : https://buymeacoffee.com/socalledhacker
