P4 bugs and their POC steps | Part 1

2 months ago

socalledhacker

Hi everyone, I am Nikhil aka socalledhacker. I am a security researcher, penetration tester, certified ethical hacker and a web3 noob. In the past few months I have discovered lots of bugs, but in today’s article we are going to discuss low-hanging fruits, or P4 vulns, as they are very easy to find and also present in almost every website. So let’s start with our first vulnerability.

We see a login function on almost every website. When we sign up, the website sends a verification link to our email address, embedded in the mail. Copy that link and check whether it is served over http or https. If the verification link is on http, it’s a bug, but there is a condition.

Condition: when we open that link in the browser, the account should be opened directly, i.e. the link alone logs us in. If the website asks for credentials after we open the link, the company will not accept the bug.

So let’s see how to create a report for this bug…

Description:- The user registration process in the application is vulnerable due to weak implementation, which could allow an attacker to exploit the system by bypassing security mechanisms or manipulating user account creation. This can lead to unauthorized access, account takeover, or user data leakage.

Steps to reproduce:-

1. Open this URL in the browser: example.com/signup
2. An account verification link will be sent.
3. Go to the email inbox and open the email.
4. Right-click on the link and copy the link.
5. Paste the link in notepad or the browser and check whether it is on HTTP.
6. Press Enter and check whether the account is opened or not.

Impact: Weak Registration Implementation could lead to data theft through the attacker’s ability to manipulate data through their access to the application, and their ability to interact with other users, including performing other malicious attacks, which would appear to originate from a legitimate user.

When we click on forgot password on a website, it sends a link to our email address. If that link is on http, it is considered a bug, but there are criteria for that.

Criteria: when we open that link in the browser, it must ask for a new password directly.

There is one more feature we can test this on: when we invite a user, the invitation link sent over email must be on https. If that link is on http, it’s a bug.

Now let’s see how to create a report for this bug…

Description:- When the password reset flow is not implemented properly, the strength of the overall authentication process for the application is diminished. Tokens sent over HTTP, predictable reset tokens, and long expiry times create weak conditions for the password reset implementation.

Steps to reproduce:-

1. Go to the forgot password page.
2. Enter the registered email.
3. Go to the email inbox.
4. Right-click on the link and copy the link.
5. Paste the link in the browser.
6. Check if the link is on HTTP.

Impact: This vulnerability could lead to data theft from the attacker’s ability to manipulate data through their access to the application, and their ability to interact with other users.
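Both findings above (the signup verification link and the password reset link) come down to the same check: a link that carries a credential-equivalent token is delivered with an http:// scheme. The script below is an added example, not code from the article or its author, that automates that check over raw emails so you can triage a mailbox dump instead of copying links by hand. The two messages, their addresses and the token values are constructed samples; the `TOKEN_PARAMS` list of query-parameter names is an assumption about what usually carries the secret.

```python
import email
import re
from email import policy
from urllib.parse import parse_qs, urlparse

# Constructed sample messages (not from the article). The first is a signup
# verification mail whose link is plain HTTP; the second is a password-reset
# mail whose link is HTTPS. Both carry a token in the query string.
SAMPLE_EMAILS = {
    "verification": (
        "From: no-reply@example.com\r\n"
        "To: user@example.net\r\n"
        "Subject: Verify your account\r\n"
        "Content-Type: text/plain; charset=utf-8\r\n"
        "\r\n"
        "Welcome! Click to verify your account:\r\n"
        "http://example.com/verify?token=CONSTRUCTED_TOKEN_1\r\n"
    ),
    "reset": (
        "From: no-reply@example.com\r\n"
        "To: user@example.net\r\n"
        "Subject: Reset your password\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "\r\n"
        '<p>Reset here: <a href="https://example.com/reset?token=CONSTRUCTED_TOKEN_2">link</a></p>\r\n'
    ),
}

# Matches http(s) URLs in plain text or inside HTML attribute values.
URL_RE = re.compile(r'https?://[^\s"\'<>]+')

# Assumed names of query parameters that carry the secret which logs the user
# in or authorises the reset; any of these makes the link credential-equivalent.
TOKEN_PARAMS = {"token", "code", "key", "verify", "reset"}


def extract_links(raw_message: str) -> list[str]:
    """Return every http(s) URL found in the text/plain and text/html parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            links.extend(URL_RE.findall(part.get_content()))
    return links


def classify_link(url: str) -> dict:
    """Decide whether a single link is the reportable case from the article:
    a token-bearing link delivered over cleartext HTTP."""
    parsed = urlparse(url)
    params = {name.lower() for name in parse_qs(parsed.query)}
    carries_token = bool(params & TOKEN_PARAMS)
    cleartext = parsed.scheme == "http"
    if cleartext and carries_token:
        finding = "token sent over HTTP"      # reportable (account/reset link)
    elif cleartext:
        finding = "HTTP link without token"   # informational only
    else:
        finding = None                        # HTTPS: nothing to report here
    return {
        "url": url,
        "scheme": parsed.scheme,
        "carries_token": carries_token,
        "finding": finding,
    }


def audit_email(raw_message: str) -> list[dict]:
    """Classify every link in one mail; only entries with a finding are returned."""
    classified = (classify_link(u) for u in extract_links(raw_message))
    return [c for c in classified if c["finding"]]


if __name__ == "__main__":
    for name, raw in SAMPLE_EMAILS.items():
        findings = audit_email(raw)
        print(f"{name}: {findings if findings else 'no HTTP links'}")
```

The scheme check alone is what the article's condition asks for; when writing the report, still confirm in the browser that the link logs you in or prompts for a new password without further credentials, since an http link that only opens a public page is informational, not P4. Note also that a server which redirects http to https does not fix this: the token has already crossed the network in cleartext on the first request.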

That’s it for this article. I will upload more articles related to web2 bugs covering all P4 to P1 bugs in the near future, so stay tuned… :)

Follow me on : Linkedin Twitter/X Github and on Medium.
