Introduction:
I can’t disclose the program name, so I will call it target.com. It is a cloud storage website. Users can create a project and invite others to work on it; the creator is the project’s owner, and the owner invites collaborators by email address. Only the invited email address should be able to join the project. When an invitation link can be redeemed by an account whose email address is not the invited one, that is invitation link hijacking.
Unable to find the bug:
I created a second account on target.com; call its email colleague@gmail.com. From the owner account I invited colleague@gmail.com, then opened the link sent to that mailbox. I was added to the project directly, so the flow looked protected against invitation link hijacking.
Found the bug accidentally:
I switched my focus to privilege escalation and invited a second address, colleaguetwo@gmail.com, which had no account on target.com. When I opened that invitation link, it redirected me to the registration page.
I filled in the registration details, clicked Get started, and captured the request in Burp Suite. In the intercepted request I changed the email field to the attacker’s email and forwarded it. The registration succeeded and the attacker’s email was added to the project: the server trusted the email submitted in the registration form instead of the address the invitation had been issued for.
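The following is an added example, not target.com’s code or anything from the original write-up: a minimal in-memory model of the invite flow (names such as Project, Invitation, create_invite and the example email addresses are assumptions) showing the register-then-join handler as the write-up describes it, next to a hardened version that takes the email from the invitation record rather than from the client-controlled form field.

```python
import secrets
from dataclasses import dataclass, field

# Hypothetical in-memory model of the invite flow; all names here are
# assumptions for this example, not the real site's data model.


@dataclass
class Project:
    owner: str
    members: set = field(default_factory=set)


@dataclass
class Invitation:
    token: str
    project_id: str
    invited_email: str  # the address the owner typed when inviting
    used: bool = False


PROJECTS = {"p1": Project(owner="owner@example.com")}
INVITES = {}  # token -> Invitation


def create_invite(project_id: str, invited_email: str) -> str:
    """Owner invites an address; the emailed link carries this token."""
    token = secrets.token_urlsafe(32)
    INVITES[token] = Invitation(token, project_id, invited_email.strip().lower())
    return token


def register_and_join_vulnerable(token: str, form_email: str) -> bool:
    """The behaviour the write-up observed: the token is only used to look up
    the project, and the email field of the registration form is trusted.
    Swapping that field in Burp joins an arbitrary address to the project."""
    inv = INVITES.get(token)
    if inv is None or inv.used:
        return False
    inv.used = True
    PROJECTS[inv.project_id].members.add(form_email.strip().lower())
    return True


def register_and_join_fixed(token: str, form_email: str) -> bool:
    """Hardened handler: the account that lands in the project must carry the
    invited address. The form field is compared against the invitation record
    and the record, never the form, decides which email becomes a member."""
    inv = INVITES.get(token)
    if inv is None or inv.used:
        return False
    if form_email.strip().lower() != inv.invited_email:
        return False  # registering a different address with this invite is rejected
    inv.used = True
    PROJECTS[inv.project_id].members.add(inv.invited_email)
    return True


def members_of(project_id: str) -> set:
    return set(PROJECTS[project_id].members)


if __name__ == "__main__":
    t = create_invite("p1", "colleaguetwo@gmail.com")
    print("vulnerable accepted attacker:",
          register_and_join_vulnerable(t, "attacker@example.com"))
    t = create_invite("p1", "colleaguethree@gmail.com")
    print("fixed accepted attacker:",
          register_and_join_fixed(t, "attacker@example.com"))
    print("fixed accepted invitee:",
          register_and_join_fixed(t, "ColleagueThree@gmail.com"))
```

The same check belongs on the login path, where a logged-in account redeems the link: compare the session’s verified email with the invitation’s email, and mark the token used only after a successful match. Verifying mailbox ownership at registration does not replace this comparison, because the attacker controls the mailbox of the address they substitute.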
Lesson learnt:
Check for every type of vulnerability in a target instead of fixating on a single one; in the process you may find something unexpected. And when testing for invitation link hijacking, also test with an email address that has no account on target.com, because the register-then-join path may be validated differently from the path an existing account takes.