Some Easiest P4 Bugs


Aman Bhuiyan

1. Visit example.com
2. Go to the Upload option on the website.
3. Upload the image with EXIF metadata.
4. Right-click on the image and download it.
5. Visit https://jimpl.com
6. Upload the downloaded image and check for sensitive data.

1. Go to the URL — example.com
2. Open the same account on two different tabs on the same browser — Browser A
3. Click on Logout from one tab — TAB A
4. Once the session is terminated, go to the second tab (TAB B), update some data, and save it.
5. After changing the data, click on the refresh button.
6. The data will be updated.

1. Visit page https://example.com/blog/page4/report-comment?comment_id=33
2. Report this comment and capture the request in Burp Suite.
3. Send this request to Burp Suite Intruder and start the attack.
4. After a few minutes, the user comment was deleted.

- Unprotected Account Activation URLs — example.com/verify?user_id=1234
- Predictable Verification Tokens — example.com/verify?token=abcd1234
- Bypassing Verification Status Checks — “is_verified: false”
- Direct Access to the Verified User Area - /dashboard or /profile
- Verification email hijacking

1. Go to example.com
2. Then just change the above URL like this: https://example.com/wp-login.php?error=access_denied to https://example.com/wp-login.php?error=you are hacked
3. Press enter and the message is reflected on the page.

1. Create an account on https://site.com
2. Log in using the credentials in 2 browsers.
3. Open the profile/settings.
4. Go to Change password and change the password in Browser 1.
5. Visit Browser 2, edit the profile data (name/contact no/profile picture) and click on save.
6. Refresh the page once and the data will be changed.

1. Visit the website and log into your account.
2. Go to the profile/settings section.
3. A delete account button will be displayed.
4. Click on the delete button and your account is successfully deleted.

For SPF

1. Visit — https://www.kitterman.com/spf/validate.html
2. Enter the domain name — target.com and hit Get SPF Record
3. The domain name will show No valid SPF record found

For DMARC

1. Visit — https://mxtoolbox.com
2. Enter the domain name — target.com and hit go
3. The domain name will show No DMARC Record found

1. Open the link https://www.website.com
2. Click on the social media icons like — Twitter / Facebook / Instagram, etc.
3. If the account has not been created, it will return — PAGE NOT FOUND or ACCOUNT NOT FOUND
4. The attacker can create an account by the company’s name.

1. Open site.com and go to the profile/account/settings page.
2. Copy the profile URL, paste it into the clickjacking exploit and save it.
3. Open the clickjacking file; target.com will be vulnerable to Clickjacking and load successfully into the iframe of the attacker.
4. The attacker can perform a sensitive action.

1. Open the URL https://site.com
2. Go to the Forgot password page.
3. Enter your email ID and you will receive a reset link.
4. Change the password multiple times using the same reset link.
5. The password gets changed every time.

1. Open the domain — http://site.com
2. Copy the URL and open a new tab.
3. Paste the URL and add an “S” after “http” so that it reads https.
4. If the URL does not open over HTTPS, then it’s vulnerable.

1. Open the URL in your browser: https://example.com
2. Log in using the desired credentials.
3. Open any sensitive page (account/settings/profile).
4. Click on the signout button.
5. Press the back button of the browser.
6. The user’s sensitive information will be visible on the page.

1. Open this URL in the browser — example.com/signup
2. An account verification link will be sent.
3. Go to your email inbox and open the email.
4. Right-click on the link and copy the link.
5. Paste the link in notepad/browser and check if it is on HTTP.
6. Press enter and check if the account is opened or not.

1. Go to the forgot password page.
2. Enter the registered email.
3. Go to the email inbox.
4. Right-click on the box and copy the link.
5. Paste the link in the browser.
6. Check if the link is on HTTP.
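
The session that survives logout or a password change, and the reset link that keeps working, share one server-side fix: revoke sessions and make reset tokens single-use. The sketch below is an added example, not code from the original article; `AuthStore`, its method names and the 15-minute `RESET_TTL` are assumptions, and the in-memory dicts stand in for database tables.

```python
import hashlib
import secrets
import time

RESET_TTL = 15 * 60  # assumed policy: reset links expire after 15 minutes

class AuthStore:
    """In-memory stand-in for the session and reset-token tables."""
    def __init__(self):
        self.passwords = {}  # user -> (salt, PBKDF2 hash)
        self.sessions = {}   # session id -> user
        self.resets = {}     # sha256(token) -> (user, expiry time)

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def session_user(self, sid):
        # Called on every request; None means the request is rejected.
        return self.sessions.get(sid)

    def logout(self, sid):
        # Tabs share one session id, so deleting it server-side ends every tab.
        self.sessions.pop(sid, None)

    def set_password(self, user, new_password, keep_sid=None):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        self.passwords[user] = (salt, digest)
        # Revoke the user's other sessions so a second browser is logged out.
        self.sessions = {s: u for s, u in self.sessions.items()
                         if u != user or s == keep_sid}

    def issue_reset(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random, not derived from a user id
        key = hashlib.sha256(token.encode()).hexdigest()
        self.resets[key] = (user, now + RESET_TTL)
        return token  # only the hash is stored; the token goes in the email link

    def redeem_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.resets.pop(key, None)  # pop: a token works at most once
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

Retesting the logout, password-change and reset-link steps against an application built this way should end with the second tab or browser being rejected and the second use of the link failing.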

#HappyHacking
