Story Of Unexpected Bugs

3 years ago 261
BOOK THIS SPACE FOR AD
ARTICLE AD

Neh Patel

Hello, amazing hackers, My name is Neh Patel and I’m a bug hunter.

I’ve been thinking about writing about my findings for a while, so here we go.

Please let me know if you notice any spelling errors.

Let's start,

It was about 2 or 2:30 am at midnight and I was reading some books related to hacking and I was just going to bed at that time I decided to check the email.

In a mail, at the end of that mail, there was a button or link called “unsubscribe”.As we all know, it was for unsubscribing from that company’s mail notification

I thought about check this “unsubscribe” link. There was a parameter called “email” in that link

https://target.maintarget.com/cgi-bin/qsurveyadmin.dll?request=exclude&idx=63364C&email=30316E6568706174656C6F6666696369616C40676D61696C2E636F6D&language=English&languagecharset=utf-8&source=1

I was thinking that what if I change the value of the “email” param. It’s interesting but the value of that param is encoded in some format so I decided to decode that value

I copied that link and paste it into notepad and checking for different encoding. I checked that with base64, md5, and other popular encryption methods but found nothing.

After some time, I noticed that in that value there are only A to F and 0 to 9 digits. I got it It’s Hexadecimal value of plain email address

After decoding I got my real email address but in all CAPITAL letters. I decided to change that value so I took a fake email address, change all letter into CAPITAL letters and encode it into Hexadecimal, Copy that encoded string and paste it at the place of the real value of the “email” param.

Boom… I found IDOR, we can unsubscribe from anyone’s email.

But I did not stop that bug, I write a simple XSS payload

<script>alert(document.domain)</script>

and again make all letter into capitals, encode it into Hexadecimal and paste it as a value of the “email” param.

Again Its XSS Yeah I did it … I did it …. I did it

Thanks for reading my write-up! Throw a heart to this story, If you liked please share it to your hacker friends .. Will be back with another write-up shortly.

Read Entire Article