No hard feelings, I stole your cookies.

and I pwned your server. Have you ever heard about the Samy worm? If not, read the link. If yes, carry on. I was messing around when I noticed that I could input HTML into a site.

I can’t actually explain everything regarding the attack but… I bypassed their XSS protection (HttpOnly) by using HTTP-defined requests. I “debugged” their server as well, because someone never turned off that feature, and I was able to steal some OAuth keys (for my victim’s account), which in turn allowed me to post the same code on his profile. If both profiles were public, you understand that things would turn ugly pretty fast. On top of this, while I was filing the bug report, I noticed that some cookies controlled whether you were logged in or out, your level of access, etc. Ermmm… I woke up and it was 2014, not 2005.
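The last finding, login state and access level carried in cookies the browser can edit, is worth seeing next to its fix. The snippet below is an added example and not code from the site in the post: it contrasts a handler that trusts `logged_in` / `access_level` cookies (hypothetical names) with one that issues a single signed, HttpOnly session token and looks the access level up server side. The user table and secret are constructed for the demo.

```python
import hmac
import hashlib
import secrets
from http.cookies import SimpleCookie

# Constructed sample data: in a real app this is the user database and a
# secret loaded from configuration, not generated at import time.
USERS = {"alice": {"access_level": "user"}, "root": {"access_level": "admin"}}
SECRET_KEY = secrets.token_bytes(32)


def weak_access_level(cookie_header: str) -> str:
    """The pattern from the post: the client tells the server whether it is
    logged in and at what level. Anyone can edit these cookies."""
    c = SimpleCookie(cookie_header)
    if "logged_in" in c and c["logged_in"].value == "1":
        return c["access_level"].value if "access_level" in c else "user"
    return "anonymous"


def _sign(user: str) -> str:
    return hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(user: str) -> str:
    """Hardened form: one opaque, HMAC-signed token. HttpOnly keeps script
    (e.g. injected HTML) from reading it; Secure and SameSite limit leakage."""
    c = SimpleCookie()
    c["session"] = f"{user}.{_sign(user)}"
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Lax"
    return c["session"].OutputString()


def hardened_access_level(cookie_header: str) -> str:
    """Access level comes from the server-side user record, never the cookie."""
    c = SimpleCookie(cookie_header)
    if "session" not in c:
        return "anonymous"
    user, _, sig = c["session"].value.rpartition(".")
    if not user or not hmac.compare_digest(sig, _sign(user)):
        return "anonymous"  # forged or tampered token
    return USERS.get(user, {}).get("access_level", "anonymous")
```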
