Organizations often ignore the presence of low-risk vulnerabilities. One of our ethical hackers describes a real case to illustrate the consequences.

This article is about an authorization vulnerability we discovered during one of our pentest engagements for one of our clients. To protect their identity, let's assume that the asset in scope was .

Chaining a number of low-risk vulnerabilities on allowed us to craft an exploit that can be used to steal OAuth and JWT tokens of end users. These tokens allow a malicious party to perform GraphQL operations (e.g., RentalHistory, UserInfo, deleteRecording, etc.) impersonating the victim.

A minimum of user interaction is required to trigger the exploit. Authenticated users are affected once they click on a malicious link. On the other hand, unauthenticated users are prompted to log in first. After submitting their credentials, the exploit is triggered.

Full details of the finding can be found below. To summarize, the authorization bypass is made possible by combining the following low-risk findings:

- Misconfigured "X-Frame-Options" response header.
- and the XSS vulnerable webpage share the same origin.
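The first item in that list, a misconfigured "X-Frame-Options" header, is something a defender can check mechanically across every response an application serves. The script below is an added example written for this article, not code from the original post or from the engagement it describes. It classifies a response's anti-framing configuration from its headers: it honours a Content-Security-Policy `frame-ancestors` directive first (browsers ignore X-Frame-Options when that directive is present), then falls back to X-Frame-Options, treating missing, conflicting, unrecognised and obsolete `ALLOW-FROM` values as the misconfigurations they are. The header sets in `SAMPLE_RESPONSES` are constructed for the demonstration, and the function names `audit_framing` and `audit_samples` are this example's own.

```python
"""Audit anti-framing headers (constructed example, not the post's code).

A page that can be framed by an attacker-controlled origin is a building
block for clickjacking and for some XSS delivery chains, which is why a
missing or invalid X-Frame-Options header is worth flagging even though
it is "low risk" on its own.
"""
from __future__ import annotations

# The only X-Frame-Options values current browsers honour. ALLOW-FROM is
# obsolete and ignored, so it must be classified as no protection at all.
VALID_XFO = {"DENY", "SAMEORIGIN"}


def _get_all(headers: list[tuple[str, str]], name: str) -> list[str]:
    """Case-insensitive lookup returning every value sent for a header."""
    wanted = name.lower()
    return [value for key, value in headers if key.lower() == wanted]


def _frame_ancestors(csp_values: list[str]) -> list[str] | None:
    """Return the frame-ancestors source list from any CSP header, else None."""
    for policy in csp_values:
        for directive in policy.split(";"):
            tokens = directive.strip().split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return tokens[1:]
    return None


def audit_framing(headers: list[tuple[str, str]]) -> dict:
    """Classify framing protection as 'ok', 'weak' or 'missing' with a reason.

    headers: (name, value) pairs exactly as the server sent them.
    """
    ancestors = _frame_ancestors(_get_all(headers, "Content-Security-Policy"))
    if ancestors is not None:
        # CSP frame-ancestors takes precedence; X-Frame-Options is ignored.
        if not ancestors:
            return {"status": "weak", "reason": "frame-ancestors has no sources; state 'none' or 'self'"}
        lowered = {a.lower().strip("'") for a in ancestors}
        if lowered <= {"none", "self"}:
            return {"status": "ok", "reason": f"CSP frame-ancestors {ancestors}"}
        if "*" in lowered or any(a.startswith("http:") for a in lowered):
            return {"status": "weak", "reason": "frame-ancestors allows any or insecure origin"}
        return {"status": "ok", "reason": f"CSP frame-ancestors allow-list {ancestors}"}

    # Some servers join repeated headers with commas; split like a browser would.
    xfo = [part.strip().upper()
           for value in _get_all(headers, "X-Frame-Options")
           for part in value.split(",")]
    if not xfo:
        return {"status": "missing", "reason": "no X-Frame-Options and no CSP frame-ancestors"}
    unique = set(xfo)
    if len(unique) > 1:
        return {"status": "weak", "reason": f"conflicting X-Frame-Options values {sorted(unique)}"}
    value = xfo[0]
    if value in VALID_XFO:
        return {"status": "ok", "reason": f"X-Frame-Options: {value}"}
    if value.startswith("ALLOW-FROM"):
        return {"status": "weak", "reason": "ALLOW-FROM is obsolete and ignored by modern browsers"}
    return {"status": "weak", "reason": f"unrecognised X-Frame-Options value {value!r} is ignored"}


# Constructed header sets standing in for captured responses.
SAMPLE_RESPONSES: dict[str, list[tuple[str, str]]] = {
    "login page":     [("X-Frame-Options", "SAMEORIGIN")],
    "profile page":   [],
    "legacy widget":  [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "two proxies":    [("X-Frame-Options", "DENY"), ("x-frame-options", "SAMEORIGIN")],
    "csp overrides":  [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
                       ("X-Frame-Options", "ALLOWALL")],
    "open csp":       [("Content-Security-Policy", "frame-ancestors *")],
}


def audit_samples() -> dict[str, str]:
    """Run the audit over the constructed samples and return name -> status."""
    return {name: audit_framing(hdrs)["status"] for name, hdrs in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        result = audit_framing(hdrs)
        print(f"{name:14} {result['status']:8} {result['reason']}")
```

Feeding real responses into `audit_framing` is a matter of collecting the `(name, value)` pairs from whatever HTTP client or proxy export you use; the "two proxies" and "csp overrides" samples show the two cases that a grep for the header name alone gets wrong.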