Easy MFA Setup bypass Lead to unauthorized access to PII data Of users

14 hours ago 5

Abdalah Osman

Peace, mercy and blessings of God be upon you

Hi folks, hope you are all doing well 🖤

I am back again with a new idea that I think most hunters ignore when they test 2FA functionality.

Quick overview of the target:

We are going to call the website target.com, as the bug is not fixed yet.

target.com is an open-source, self-hostable online chat service with file sharing, search, and third-party application integrations. It is designed as an internal chat for organizations and companies.

Anyone can create their own instance and invite other people to their team.

First of all, when I test a 2FA function, this is my testing flow:

I have three phases in testing:

1. Test for 2FA setup bypass: this is before adding any 2FA to my account
2. Test for 2FA bypass: this is after adding 2FA to my account
3. Test for disabling 2FA: this is for removing or disabling 2FA

Each phase has its own test cases. You can test every phase by figuring out the 2FA functionality on the website you are testing and learning the flow well, then start thinking about how you can find a bug. After that, if you don't have any ideas, you can read this blog post by my friend sallam; it will help you a lot in building your own methodology >3

2FA | Sec-88

Let’s start hacking

After you know these phases, I start exploring my website and testing the first phase, 2FA setup bypass. The first scenario I test, which most hunters ignore, is to make some requests as the attacker while Burp is running in the background, and then, as the victim, enforce 2FA for all team members so they have to add it before accessing the website's functions again:

So here are the steps to reproduce:

1. As the victim: create your own instance and invite the attacker to it.
2. The attacker accepts your invitation and joins the instance.
3. After that, the attacker makes as many requests as they can while Burp is running in the background; all you need is to fill Burp's history with some requests.

Before completing the steps: I know from my previous testing on more than one app that the search function often lacks proper authorization checks.

4. After that, I check the search functionality: it takes any term or character as input and returns all PII data of any user on the instance whose name or email contains that term or character.

And here is the request from Burp:

5. As the victim: I enforce 2FA → this directly forces every user out of the instance until they configure their MFA, before they can access anything in the instance.

6. As the attacker: go back to your account -> you will see that you are redirected to the MFA setup page and can't access anything in the instance.

7. As the attacker: in the body of the search request -> in the term parameter -> if you pass any character as its value, this will return all PII data of users in the instance whose email or name contains that character. This search also includes the users newly added to the instance.
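To make the root cause concrete, here is an added example (not the target's code) of an MFA-enforcement gate for an instance's HTTP API: the weak form only redirects page loads and lets `/api/` requests through, which is the gap the steps above exploit, while the hardened form checks every authenticated route except the enrolment endpoints. The member directory, routes and search term are constructed for the example.

```python
# Added example (not the target's code): an MFA-enforcement gate for an
# instance's HTTP API, in the weak form this write-up describes and in a
# hardened form. Users, routes and the search term are constructed here.
from dataclasses import dataclass


@dataclass
class Instance:
    mfa_enforced: bool = False      # flipped by the owner in step 5


@dataclass
class User:
    email: str
    name: str
    mfa_enrolled: bool = False


# Constructed sample data standing in for the instance's member directory.
MEMBERS = [
    User("owner@example.test", "Alice Owner", mfa_enrolled=True),
    User("bob@example.test", "Bob Member"),
    User("carol@example.test", "Carol Newjoiner"),
]

# Routes the gate must always allow so a user can actually finish enrolment.
MFA_ALLOWLIST = {"/mfa/setup", "/mfa/verify", "/logout"}


def search_users(term: str) -> list[dict]:
    """Member search: any substring of a name or e-mail matches (returns PII)."""
    t = term.lower()
    return [{"email": u.email, "name": u.name}
            for u in MEMBERS if t in u.email.lower() or t in u.name.lower()]


def weak_gate(inst: Instance, user: User, path: str) -> str:
    """Enforces MFA only for page loads; /api/ requests are never checked."""
    if path.startswith("/api/"):
        return "allow"
    if inst.mfa_enforced and not user.mfa_enrolled:
        return "redirect:/mfa/setup"
    return "allow"


def hardened_gate(inst: Instance, user: User, path: str) -> str:
    """Enforces MFA on every authenticated route except the enrolment ones."""
    if path in MFA_ALLOWLIST or not inst.mfa_enforced or user.mfa_enrolled:
        return "allow"
    return "deny" if path.startswith("/api/") else "redirect:/mfa/setup"


def handle_search(gate, inst: Instance, user: User, term: str) -> dict:
    """Step 7 of the write-up: the search request replayed after enforcement."""
    if gate(inst, user, "/api/users/search") != "allow":
        return {"status": 403, "results": []}
    return {"status": 200, "results": search_users(term)}
```

With the weak gate, a one-character term from an un-enrolled member still returns every record after enforcement is switched on; with the hardened gate the same request gets a 403 while the enrolment routes stay reachable.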

In the end, the bug was accepted as a P3 >3

Thank you all for reading and for your time. I hope you had some fun with this write-up, inshallah 🖤

Love what you are doing && keep hunting 👾
