.png)
9 months ago
123 BOOK THIS SPACE FOR AD
ARTICLE AD
The curiousity began with a moment during lunch in a restaurant which no longer uses menu book, instead need to scan a provided QR code to order the cuisine. POS (Point of Sales) systems are now ubiquitous as it simplifies business process since reservation until payment. Redirection URI from the QR intrigues a little bit as unique code appears to show particular menu from a merchant and let customer to make interactions with general POS system name acts as FQDN such https://redactedpossystem.id/menu/7CIBID25AE39 (Just for an educational purpose, its’ name is modified into redactedPosSystem.id). As an initial guess, this could be a sharing POS system which has been used by some of merchants.
Let’s give it a try how actually the redactedPOSsystem works by registering a trial merchant User. The system provides a complete journey for a new merchant to embark a digital experience for restaurant, cafe, etc. Begin by organizing items for sale, tailoring categories to streamline the browsing experience for customers, facilitating sales transactions with various payment methods, and so on. Through some exploration, an API vulnerability is identified in the system during managing items which gives permission to not only upload image files for menu illustration but also any kind of extension files.
This could be pretty dangerous by correlating technologies being used by the system, the uploaded files could be intentionally composed for a malicious script written in same programming language. Identified by wappalyzer (https://www.wappalyzer.com/), most likely the system run on top of Apache web server with PHP programming language, through CakePHP web frameworks, inside of Ubuntu operating system.
What if this application flaw leads into privilege escalation ?
Privilege escalation is a process of gaining access to a higher level of authority than they are normally allowed on a particular system caused by unintentional bug hole. It involves users with limited privileges obtain undesirable greater access to system. This (depends on degree of escalation) could potentially lead to access sensitive resources, modify system configuration, or perfom dangerous actions. Two types privilege escalation could possibly occur, vertical and horizontal one.
Vertical & Horizontal Privilege Escalation
Vertical escalation is accesing more resources that is granted for higher privileged accounts from a low-authority account.
Horizontal escalation is accessing resources by obtaining others user credential with same level of authorization.
On this redactedPOSsystem, vertical privilege escalation triggers from a merchant user in the following order steps:
Immediate recommendation for recovery step :
Web application source code and database must be backup somewhere elseDatabase credentials must be changedMalicious file must be removedTerminate suspicious processTo avoid such issue happen :
Implement WAF (Web Application Firewal) before transacations come into web application server.Carefully implement file upload functionality to ensure uploaded files are really properly filtered to specified extension (https://www.opswat.com/blog/file-upload-protection-best-practices)Provide least privilege on a specified user on operating system.Perform regularly vulnerability scanning on operating system, technology being used, and conduct some upgrade if required.A warning notification has been sent to business owner and take care the situation. Business owner has been acknowledged for the findings and has shown appreciation for helps. It’s expected improvement to be coming soon.
Bengali (Bangladesh) · 
English (United States) ·