Auditing an organization's website
-
Auditing an organization's website
Notice that some email links automatically log in as the recipient
Observe
GET https://[redacted domain].com/directlogin.php?userid=[redacted base64] in the redirect chain
decode [redacted base64]
it's my email address and nothing else
replace it with someone else's email
immediately logged in as that person
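The thread above describes a direct-login link whose only "credential" is the base64-encoded email address, so decoding it and re-encoding a different address is enough to become that user. The following added example (not code from the audited site or from anyone in the thread) contrasts that scheme with a signed, expiring login token: the server keeps a secret key, HMAC-signs the claims, and rejects anything whose signature or expiry does not check out. SERVER_KEY, LINK_TTL, the claim names and all function names are assumptions made for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Hypothetical server-side secret. In production it lives in a secrets manager,
# never in the email body or the URL.
SERVER_KEY = secrets.token_bytes(32)

# Assumed lifetime of a login link in seconds; short, because the link is a credential.
LINK_TTL = 15 * 60


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def weak_userid(email: str) -> str:
    """The scheme described in the thread: the 'credential' is just base64(email)."""
    return base64.b64encode(email.encode()).decode()


def weak_login(userid: str) -> str:
    """No key, no expiry, no signature: decoding IS authentication, so anyone can mint a
    userid for any address. Shown only to make the weakness concrete."""
    return base64.b64decode(userid).decode()


def issue_link_token(email: str, now: Optional[float] = None, key: bytes = SERVER_KEY) -> str:
    """Signed, expiring direct-login token in the form payload.signature."""
    now = time.time() if now is None else now
    claims = {"sub": email, "exp": int(now + LINK_TTL), "nonce": secrets.token_hex(8)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64url(payload)}.{b64url(sig)}"


def verify_link_token(token: str, now: Optional[float] = None, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the email the token was issued for, or None if it is malformed, forged,
    tampered with or expired. The nonce is there so a server can additionally record
    used tokens and make each link single-use (storage not shown here)."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload = b64url_decode(payload_b64)
        sig = b64url_decode(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; a payload edited without the key fails here.
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) < now:
        return None
    return claims.get("sub")


def retarget_token(token: str, new_email: str) -> str:
    """Rewrite the subject of an issued token without the key, i.e. the same edit the
    thread applied to the base64 userid. Used below to show the signature check rejects it."""
    payload_b64, sig_b64 = token.split(".", 1)
    claims = json.loads(b64url_decode(payload_b64))
    claims["sub"] = new_email
    new_payload = json.dumps(claims, separators=(",", ":")).encode()
    return f"{b64url(new_payload)}.{sig_b64}"
```

With the weak scheme, `weak_login(weak_userid(x))` succeeds for any `x`, which is exactly the behaviour observed. With the signed scheme, changing the subject, using a different key, or presenting the token after `LINK_TTL` all yield `None`, and the link still carries no password or other reusable secret.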
-
maybe I should switch careers, seems like computer security still has a lot of low-hanging fruit
-
@hazelnoot@enby.life years ago I successfully argued for the removal of such links from $work's email messages… it's irritatingly common ☹
(ours at least had some per-account "secret" bit, even if it ended up being a password-equivalent that we happily emailed in cleartext)
-
and I just found a different vuln that allows enumerating all email addresses registered to the system
-
holy shit it embeds user passwords plaintext in a hidden field
-
@hazelnoot vibe coded af imo
-
Wonder if I can access the payment administration section without auth, too...
-
I swear to god, if I get in there and see plaintext card info...
-
oh, yeah I should mention - this thing processes payments and accepts insurance data
-
literally years of PCI (credit card privacy regulations) training, just for this...
-
ok I can leak:
- email (username-equivalent)
- password
- email+password for all accounts "managed" by this one
- first/last name
- phone number
- full address
- full date-of-birth
- voting records
- group membership(s)
- group ownership(s)
- system preferences
- org-specified registration ID
- org-specific profile info
-
good news: card payments are handled through PayPal, so nothing is leaked there
-
@hazelnoot At least….