Wednesday 27 November 2013

"Sourceforge Brute Force" Attack Vulnerability ,Sourceforge Brute Force



                                         Sourceforge Brute Force Attack Vulnerability

I want to share my finding "Sourceforge Brute Force" Attack Sourceforge.com which I have reported to Source Forge Security Team on 25th October 2013



While downloading a project i think that i should test the log in panel for brute force attack vulnerability On - https://sourceforge.net/account/login.php


After some analysis i have found that the there was no protection of login attempts or you can say Brute force attack ..


So i test the source forge log in panel i found something interesting.In my test i have tested 100 something attempts with my account bhati.contact@gmail.com



Here you can see that all invalid attempts has came with 200 response code as normal web application behave :-)







And here you can see the difference that attempt no. 104 only one valid log in attempt has came with 302 response code with Session cookies value




So as you saw that there is we need to perform any bypassing technique because there is no security deploy which we have to bypass

Simple and sweet attack :-)  Sourceforge Brute Force Attack Vulnerability


Comments Are Always Welcome




No comments:

Post a Comment