How I was able to earn 1000$ with just 10 minutes of bug bounty?
Hello, Guys, I m back with a new blog on bug bounty, I found this bug recently on independent bug bounty program, thought of sharing it.
So here I would like to share how I got 1000$ with just 10 minutes of bug hunting,
here you will get to know the importance of client-side vulnerabilities,
So here’s how it went on, earlier during my engineering 4th year, I had too much free time. This was the time I learnt a lot about this field, That time my daily schedule was like,
Eat-> Sleep -> Bug Hunting -> Repeat
A few months back, I thought to let’s give it a try so I just picked a random website lets to say asdf.com
Now, asdf.com is a cryptocurrency exchange website, and in a general way I tried to scan the website while doing the testing I came across the login page and got to know that we can create an account and so after creating the account I found out a place where we could request for password reset for our account. On the login page there was an option of reset password so just to give it a check I requested for my password reset through that reset option, The forgot password link was something like this,
www.asdf.com/resetpsswd/email=hacker2202@asdf.com&token=aknajdnskvbskfv34tr34nj3rrff33grjqw
Here if you notice, there’s and email change option. I tried changing the email address and checking the link and what a stroke of luck it was just 5 minutes of testing I got the bug, but after changing the email I was not able to change the password as the site has 2-factor authentication implemented.
As the 2-factor authentication was implemented I thought we cannot do anything of it now as altering the email doesn’t work, but suddenly I saw a mail-in my altered email inbox it was from the asdf.com it was like,
I got a new reset password link of that account to my altered email address.
So what was happening was
when we are requesting a password reset for our account we were getting a mail and that reset password link had token expiration vulnerability ( it was not expiring the token after one use)
2nd the problem was when I was altering the email and processing the link I was able to get a new reset link to my altered email address of the victim’s account (not exactly same but something like Http pollution attack)
So in this way, I was able to earn good, client-side attacks also pay very well if we show the attack scenario properly.
What might be the fix for this type of issues?
- Token Verification & Expiration.
- Avoiding unnecessary Parameters Like Email
- Implementation of 2 Factor-Authentication.
- Most importantly checking the workflow of that section
This was just an example for client-side attack I will be discussing in detail about client-side attacks in my further blogs (Will publish it soon)
“So Next time you see any parameter try to play with it who knows you might get lucky and get some bucks added to your account”
This blog I have only made for the specific findings only, Do Subscribe to my blog if you find it useful!!!
Hint for the next blog: Is it possible to hijack a browser through XSS?