Vote Manipulation & Debug Exposure, Another Interesting Finding…


Josekutty Kunnelthazhe Binu

Hello, I want to share an interesting finding I found earlier last month. I was manually checking the subdomains one by one and I came upon a subdomain; when I clicked it, I was taken to a voting page. It was a website where developers from this company test and vote as part of developing. I saw a voting setup on the page where there was a voting ID already given. When I clicked the voting ID there were also some default IDs which I could change, and there was a box to submit the vote called "load vote".

So I clicked the load vote button, and suddenly some debugging logs started to come up from the bottom part of the page… In the logs I was able to see the vote ID which I had selected before clicking load vote.

Sorry guys for the bad pics. Currently I am at my day job, I am writing this article on my phone and I don't have my laptop with me now. I tried to make the website available in desktop mode on my phone but it's not working, and I also can't provide a PoC video because it would expose so much more sensitive info.

Let's go further. I tried to vote again and again, and the page was still accepting all the votes with the same ID. At this point I knew there was a misconfiguration, because the page was accepting all the votes, which as an attacker I could use to spam the company and create false positive results in their developers' voting results. Another issue was that this page was not supposed to be public and should only be available to the internal team.

Another feature I found on this page was that I was able to add a manual vote ID. I quickly added a vote ID which I could use for the PoC, HACKEDBYJOSEKUTTY, and clicked load vote…

That was also shown in the debugging page, showing it was accepting that as well.
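From the defender's side, the three behaviours described above (repeat votes counted, free-text vote IDs accepted, debug output returned to the page) each map to a missing server-side check. The sketch below is an added example, not code from the affected site; the `VoteService` class, the vote IDs and the assumption that each voter has an authenticated identity are all hypothetical.

```python
import logging
from dataclasses import dataclass, field

# Server-side only; never echoed into the page. Hypothetical logger name.
log = logging.getLogger("vote_service")

# Constructed sample data: the vote IDs the team actually opened for voting.
KNOWN_VOTE_IDS = frozenset({"feature-a", "feature-b", "feature-c"})


@dataclass
class VoteService:
    known_ids: frozenset = KNOWN_VOTE_IDS
    # voter -> vote_id already cast; enforces one vote per authenticated voter.
    cast: dict = field(default_factory=dict)
    tally: dict = field(default_factory=dict)

    def submit(self, voter, vote_id):
        """Return (http_status, body). Body never carries internal state."""
        if voter is None:
            # Page was meant for the internal team: no identity, no vote.
            return 401, {"ok": False}
        if vote_id not in self.known_ids:
            # Free-text IDs are rejected instead of being stored.
            log.warning("rejected unknown vote id from %s", voter)
            return 400, {"ok": False}
        if voter in self.cast:
            # Repeated submissions do not change the tally.
            log.info("duplicate vote ignored for %s", voter)
            return 409, {"ok": False}
        self.cast[voter] = vote_id
        self.tally[vote_id] = self.tally.get(vote_id, 0) + 1
        log.debug("tally now %r", self.tally)  # stays in server logs
        return 200, {"ok": True}


def demo():
    svc = VoteService()
    results = [
        svc.submit("dev1", "feature-a"),      # first vote: accepted
        svc.submit("dev1", "feature-a"),      # same voter again: refused
        svc.submit("dev2", "NOT-A-REAL-ID"),  # arbitrary ID: refused
        svc.submit(None, "feature-b"),        # unauthenticated: refused
    ]
    return [status for status, _ in results], dict(svc.tally)


if __name__ == "__main__":
    print(demo())
```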

I quickly reported this issue to the company as vote manipulation and debug exposure. By the way, the company was BBC, but sadly it was a DUPLICATE 🥲.

Anyway, this was an interesting finding which I had never come across before, so I thought I would write an article about it… Hope you all enjoyed it and learned something from this.
