Monday 7 April 2014

Google CSRF Feedburner , CSRF , Google , Hacking , Bug Bounty ,Vulnerability

Google CSRF Feedburner

Google CSRF Feedburner

Hello all . here so much days passed i dint any write anything about web app security
So today i am going to share you a finding with you of "Google CSRF Feedburner"

So here we go ! ;-) & sorry for the grammar mistakes :p

Vulnerability Name - Spoof Email ( You Can Send Email To Anyone From Any Email )
First want to inform you that this bug is self exploitable . You just have enter some details for spoof email
As you can see in Screen Shot

Now as you saw you can enter some details and then click submit it will allow you to send spoof email . But wait there is a problem !!! :o

If you fill this form click submit then spoof email will send by your ip address or if you proxy then it can be trace not a big deal in today's world police will call you for join lunch with them

So here i think that how can we trick an user to please this form to trick him to send an email by his ip address !! Ya you are right i am talking CSRF Attack

So lets move to interesting part. While exploiting this bug i face some problem with Captcha ;-)

Captcha was here to prevent automated or CSRF Attacks

But i tried to make this thing work :-) For Finding "Google CSRF Feedburner" Vulnerability

Then finally what i found there that there is some issue with captcha due to In secured Captcha At Client Side . The thing this you can intercept a captcha request and generate a CSRF POC but you have to prevent it to be send at server.

So what i do i just intercept the request and generate CSRF POC then i drop this request . Here i want to see that is this CSRF works if i send this request to other user.If capthca is working properly then it will not work because server will check for the captcha value so it should not be work But when i check this CSRF in other browser then it is working properly without any problem which indicated that the captcha is not working properly so it is the root cause for this CSRF Attack
  ( POC Video )

Comments are always welcome

Please suggest how you like this Google CSRF Feedburner Write Up :-)

1 comment: