by harshjaiswal · Published March 27, 2016 · Updated April 12, 2016
Badoo Account Takeover – Bug Bounty POC
Note that this blog post is written by Harsh Jaiswal, and any error in this write-up will be entertained only by him. We allow you to write articles on our site as a guest/contributor so more people can learn. If you are interested in sharing your findings through the Bug Bounty POC program, just register on the site and you can post freely.
Thanks Bharat & Behroz for this awesome program. I'm a beginner; soon I'll share my other 2 FB bugs, worth $3000 in total.
Hey everyone out there! Today I want to share my finding on Badoo, where I could take over a user's account just by sending him/her a malicious link.
Badoo is a dating-focused social network service, founded in 2006 and headquartered in Soho, London. The site operates in 180 countries and is most popular in Latin America, Spain, Italy and France. Badoo ranks as the 281st most popular website in the world according to Alexa Internet as of April 2014. The site operates on a freemium model: to get additional features, a user either pays a fee or allows Badoo to email all of his or her friends.
Firstly I want to thank my friend Rudra, who always encourages me. He gave me a simple link and I got an account takeover out of it.
The bug was really simple: it relies on a CSRF and a token misconfiguration. And it was only valid for
When we import photos from Facebook or Instagram, the request has no anti-CSRF token, and the Facebook token generated via Badoo is valid for every user. So I can send a link generated from my own Facebook account to a user to import photos; if the user clicks OK, the photo is imported to his profile.
But how did I turn this into an account takeover?
The thing I noticed was that the generated link also changes the user's linked Facebook account to the attacker's Facebook account, and the best part was that the user only needs to visit the link; no Cancel or OK clicking is required.
Now an attacker can log in via Facebook, fully take over the account, and access all of the victim's chats, private photos and everything else.
The bug was patched within 2 days of the initial report. The reward ($850) was much less than I expected.
Steps to reproduce:
1 - Create two Badoo accounts, 'attacker' and 'victim', and link a different Facebook account to each.
2 - Log in as 'attacker', go to import photos via Facebook, and copy the link from the URL bar.
3 - Now log in as 'victim' in a different browser, open the link, and click Cancel.
4 - The Facebook account of 'victim' is replaced with the Facebook account of 'attacker' (and removed from the 'attacker' account).
5 - Log in via the attacker's Facebook account and you will be logged in to the 'victim' account.
Congrats, you just hacked the victim's account.
Suppose an attacker 'A' has a Badoo account linked to Facebook account 'FB-of-A', and a victim 'B' has a Badoo account linked to Facebook account 'FB-of-B'. The attacker generates a link to import photos from his Facebook and gives it to victim 'B'. The victim opens it and presses Cancel, but this has already replaced his linked Facebook account 'FB-of-B' with the attacker's 'FB-of-A', so the attacker can now log in with his own Facebook account into the victim's Badoo account.
I can chat with my victim on Badoo and have his account hacked within 5 minutes.
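As an added example (not code from this write-up or from Badoo), the Python below models the import-link flow from the reproduction steps and the A/B scenario above: a vulnerable callback that binds whatever Facebook token the link carries to the session that opens it, beside a hardened one that requires a single-use state token issued to that same session. The endpoint names, the state parameter, the token table and the in-memory stores are all assumptions.

```python
import hmac
import secrets

# Added illustration of the bug class in this write-up, not Badoo's code. The flow,
# the per-session `state` token and the in-memory stores are assumptions.

# Constructed: tokens Facebook hands back for each Facebook identity. In the bug, the
# token embedded in the attacker's import link was accepted in any user's session.
FB_TOKENS = {"tok-A": "FB-of-A", "tok-B": "FB-of-B"}


class SocialLinkService:
    """Minimal model of an 'import photos from Facebook' feature on a dating site."""

    def __init__(self, check_state):
        self.check_state = check_state  # False: as reported; True: hardened
        self.linked = {}                # site user -> Facebook id linked to that user
        self.pending = {}               # one-time state token -> user who started the flow

    def register(self, user, fb_token):
        self.linked[user] = FB_TOKENS[fb_token]

    def start_import_link(self, session_user, fb_token):
        """Builds the parameters of the import link the user copies from the URL bar.
        The hardened variant adds a single-use state token bound to the session."""
        params = {"fb_token": fb_token}
        if self.check_state:
            state = secrets.token_urlsafe(16)
            self.pending[state] = session_user
            params["state"] = state
        return params

    def import_callback(self, session_user, params):
        """Handles the link being opened in a logged-in session. Per the write-up the
        Facebook re-link happened on visit, whether or not the user pressed Cancel."""
        if self.check_state:
            owner = self.pending.pop(params.get("state", ""), None)
            if owner is None or not hmac.compare_digest(owner, session_user):
                return "rejected: state token missing, reused, or issued to another session"
        fb_id = FB_TOKENS.get(params.get("fb_token"))
        if fb_id is None:
            return "rejected: unknown Facebook token"
        # A Facebook identity belongs to one site account; the write-up notes it was
        # removed from the attacker's own account when the victim's account took it.
        for user, linked_fb in list(self.linked.items()):
            if linked_fb == fb_id and user != session_user:
                self.linked[user] = None
        self.linked[session_user] = fb_id
        return "linked"

    def login_with_facebook(self, fb_token):
        fb_id = FB_TOKENS[fb_token]
        return next((u for u, fb in self.linked.items() if fb == fb_id), None)


def run_attack(check_state):
    """Replays steps 1-5; returns (callback result, who FB-of-A now logs in as)."""
    svc = SocialLinkService(check_state)
    svc.register("attacker", "tok-A")                   # step 1: two accounts, two FB ids
    svc.register("victim", "tok-B")
    link = svc.start_import_link("attacker", "tok-A")   # step 2: attacker copies the link
    outcome = svc.import_callback("victim", link)       # step 3: victim opens it
    owner = svc.login_with_facebook("tok-A")            # step 5: attacker logs in via FB
    return outcome, owner


if __name__ == "__main__":
    print("vulnerable:", run_attack(False))
    print("hardened:  ", run_attack(True))
```

In the vulnerable run the victim's session ends up linked to FB-of-A and the attacker's Facebook login lands in the victim's account; in the hardened run the state token was issued to the attacker's session, so the victim's browser presenting it is rejected and nothing changes. The fix is the standard one for this class of bug: any state-changing link, including an OAuth-style account-link callback, must carry a secret that is bound to the session that will consume it and is accepted only once.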
09 March : Reported
10 March : Bounty awarded, 850 USD
11 March : Bug patched