Hijacking User Privileges: The Story of a Patched Vulnerability in Open Bug Bounty


Shahariar Amin

After enjoying a day of festivities and relaxation with friends on Eid-ul-Adha, I was feeling the effects of a hearty meal. As the evening settled in, I decided to channel my energy into something productive. To keep things interesting, I chose to explore a website that sold Free-Fire Diamonds, aiming to uncover any potential vulnerabilities.

The website has some more functionality, like playing games and winning coins, selling coins, buying Free-Fire Diamonds, etc.!

After manual browsing, I found a contact form at the following URL: https://2048treasure.com/en/contact. Filling in the form sends a POST request to the server. Intercepting the request, I noticed something weird. The website uses the user's email and password as cookies!

The PHPSESSID, _stripe_mid and _stripe_sid cookies accept arbitrary values; they don't even check!!

I was feeling as happy as the image shows!

Then I edited the request using Burp Suite as below:

Here attacker@mail.com pretends to be victim@mail.com and is able to send a message to the web admin. I successfully hijacked the privileges of another user.

I found the same instance while buying diamonds!
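The flaw described above, as an added example that is not from the original post or the affected site: a handler that takes the sender from a client-supplied cookie, next to one that resolves the sender from a signed, server-side session. The cookie names `email` and `session` and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: cookie names "email" and "session" are illustrative only.
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to the client
SESSIONS = {}                         # session id -> account email, kept server-side


def _tag(sid):
    """HMAC over the session id so arbitrary cookie values fail before any lookup."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def sender_from_identity_cookie(cookies):
    """Flawed pattern: the identity is whatever the client put in the cookie."""
    return cookies.get("email")


def login(email):
    """Call only after the password check succeeds; returns the cookie value to set."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = email
    return f"{sid}.{_tag(sid)}"


def sender_from_session(cookies):
    """Hardened pattern: identity comes only from the server-side session record."""
    sid, _, tag = cookies.get("session", "").partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(sid).encode()):
        return None                   # forged, tampered or arbitrary session value
    return SESSIONS.get(sid)          # any "email" cookie in the request is ignored


def handle_contact(cookies, message, resolve_sender):
    """Contact-form handler; resolve_sender decides whose name the message carries."""
    sender = resolve_sender(cookies)
    if sender is None:
        return {"status": 401}
    return {"status": 200, "from": sender, "message": message}


if __name__ == "__main__":
    # Constructed request: a logged-in account with an edited "email" cookie.
    edited = {"email": "victim@mail.com", "session": login("attacker@mail.com")}
    print(handle_contact(edited, "hello", sender_from_identity_cookie))
    print(handle_contact(edited, "hello", sender_from_session))
```

With the hardened resolver the edited `email` cookie has no effect, and a request carrying an arbitrary session value is rejected with 401.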

Thanks for reading.
