How I could have hacked your ExpyBio Page
2021-10-05 14:44:42 Author: infosecwriteups.com

Renganathan

Hi There,

Renganathan here, I’m an Ethical Hacker & a Security Researcher.

I’ve been acknowledged by LinkedIn, United Nations, Medium, IRCTC & 20+ companies for reporting security vulnerabilities in their web applications.

What’s Expy

Expy is the only link you need to share all your websites and content, plus offer monetizable services, with more customizable features. It’s kind of similar to Linktree, a link-in-bio tool. Moreover, it’s Indian-made :D

I was a Linktree user but later switched to Expy Bio ^_^

Here’s my Expy Link: expy.bio/Renganathan

So I was using the application and designing my own Expy page.

My Admin Panel of Expy

Suddenly I got an idea to test for security vulnerabilities, so I switched to the heckur mode!

Heckur Mode!

On making any changes to an Expy account, the POST request below is made:

{name: "JM_Name", JM_Name: "Renganathan", JM_ID: 420}

So the server is using the JM_ID to validate the request, so I thought of testing for an IDOR here :D

I created another account and changed the JM_ID. BOOOOOM! The details on the other page were changed :D

Which means I could customize the page of any user :P

I later tried an XSS payload in the name field. I added:

“><script>alert(1)</script>

XSS In name field

BOOOOOOM! This worked! Whenever someone visits my Expy bio page they get an alert(1). This can be used to steal the cookies of any user and perform account takeover :D

Alert(1)
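Both findings come from the same handler trusting the client: the JM_ID in the body picks which record gets updated, and the stored name is later echoed into the page unescaped. The snippet below is an added example (not Expy’s code); it models the update request from the write-up with an assumed in-memory store and session, shows the pattern as the post describes it next to a hardened version that ties JM_ID to the logged-in user, and HTML-escapes the name when rendering.

```javascript
// Added example, not Expy's code. Profile store, owner field and session shape
// are assumptions made to illustrate the two issues from the write-up.
const profiles = new Map([
  [420, { owner: "renganathan", JM_Name: "Renganathan" }],
  [421, { owner: "someone-else", JM_Name: "Other User" }],
]);

// Pattern as described in the post: whatever JM_ID the body carries selects the
// record, and nothing checks that it belongs to the caller (the IDOR).
function updateNameVulnerable(session, body) {
  const profile = profiles.get(body.JM_ID);
  if (!profile) return { ok: false, status: 404 };
  profile.JM_Name = body.JM_Name;
  return { ok: true, status: 200 };
}

// Hardened: require a session, and only touch a record the session owns.
// Missing and foreign records both return 404 so IDs cannot be enumerated.
function updateNameSafe(session, body) {
  if (!session || !session.userId) return { ok: false, status: 401 };
  const profile = profiles.get(body.JM_ID);
  if (!profile || profile.owner !== session.userId) return { ok: false, status: 404 };
  if (typeof body.JM_Name !== "string" || body.JM_Name.length > 64) {
    return { ok: false, status: 400 };
  }
  profile.JM_Name = body.JM_Name;
  return { ok: true, status: 200 };
}

// Output encoding for the bio page: the stored name is data, never markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderName(id) {
  const profile = profiles.get(id);
  return `<h1 class="name">${escapeHtml(profile.JM_Name)}</h1>`;
}
```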

I reported it to their Twitter handle, twitter.com/expybio, and it was soon patched :D

Tip: Be alert during each and every request and response made to the server :D

Thanks for reading :)
Stay Safe.

https://www.instagram.com/renganathanofficial

https://twitter.com/IamRenganathan


Source: https://infosecwriteups.com/how-i-could-have-hacked-your-expybio-page-7e59c119ddba?source=rss----7b722bfd1b8d--bug_bounty