Wednesday, August 27, 2014

Why 4shared Accounts Got Hacked?

Hello, I'm Mohamed M. Fouad, an independent security researcher from Egypt. I have been acknowledged by many firms such as Microsoft, Oracle, Yahoo, eBay, Sony, AT&T, Huawei, DropCam, Bitcasa, Get Pocket, Splitwise and many more...





Hello guys!
Today I will talk about why 4shared accounts get hacked every day. 4shared, as we all know, is a file hosting and sharing service founded in 2005, and now the whole world uses it to store files. But what happens if our files are stolen or deleted (hacked)? That's what happened to me in 2008, and to some of my friends: I found that my old account had been hacked 6 years ago, with all my files collected into a new folder named after the attackers' group.

So 1 year ago, as a software engineer and also a security researcher, I decided to look into why I keep finding 4shared accounts hacked. 8 months ago I found that 4shared is not secure at all: all of it is vulnerable to XSS attacks, and as we know, with XSS we can steal user cookies, including the session ID. The whole world now uses 4shared and pays for premium accounts, so why do people pay and store their files in a service that is not secure at all?

I contacted 4shared about the XSS vulnerabilities and they rewarded me with a premium account for 6 months, but I started looking again for dangerous vulnerabilities with a deep impact on users, and I found the critical vulnerabilities shown in my PoC video below:



1 - OpenSSL CCS Injection Vulnerability:
=================================
As we know, this is a critical vulnerability in OpenSSL discovered 2 months ago, in June 2014: it could allow a man-in-the-middle attack against an encrypted connection. SSL/TLS connections typically allow encrypted traffic to pass between two parties where only the intended senders and recipients can decrypt the data. In the event of a man-in-the-middle attack, an attacker could intercept an encrypted data stream, allowing them to decrypt, view and then manipulate said data.

So this is a critical vulnerability network-wise, and it negates the use of SSL as a privacy protection barrier. It is there because they didn't care about user safety; they should upgrade their OpenSSL version to patch this critical vulnerability.

2 - Apache Tomcat examples directory vulnerability:
===========================================
The Tomcat application server by default contains an "/examples" directory which has many example servlets and JSPs.
4shared should disable public access to this directory for the following security reasons:

1 - Bypassing HttpOnly Cookies protection
2 - CSRF cookies manipulation
3 - Session manipulation

This vulnerability bypasses 4shared's HttpOnly cookie protection, so an attacker can access, manipulate and steal user cookies. If these cookies contain user tokens, the attacker will have the user's session ID and token, so he/she can make any request to the victim's account.

3 - Cross-site Scripting in 4shared login page:
====================================
It will execute the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.

As I said about XSS above, the real problem is that all of 4shared is vulnerable to XSS attacks. They have to use a WAF and fix all of these, because these XSSs impact innocent users.

4 - Clickjacking attack:
===================
I also discovered that 4shared is vulnerable to the "Click Jacking" attack: it
can load in an iframe.

IMPACT:
=======
Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a
user into clicking on a button or link on another page when they were
intending to click on the top level page. Thus, the attacker is
"hijacking" clicks meant for their page and routing them to
another page, most likely owned by another application, domain, or
both.
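
Whether a page can load in an iframe on another site is decided by its response headers. The following is an added example, not part of the original post or of 4shared's code: it classifies the framing protection of a response from its `X-Frame-Options` and CSP `frame-ancestors` headers. The function names and the headers passed to them are assumptions constructed for illustration.

```python
# Added example (not from the original post): audit framing protection in
# HTTP response headers. All headers used with it are constructed samples.
RANK = {"blocked": 0, "same-origin": 1, "restricted": 2, "unprotected": 3}


def classify_sources(sources):
    """Classify one frame-ancestors source list (already lowercased)."""
    if not sources or sources == ["'none'"]:
        return "blocked"          # an empty source list behaves like 'none'
    if sources == ["'self'"]:
        return "same-origin"
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"      # any site may frame the page
    return "restricted"           # explicit allow-list of framing origins


def framing_policy(headers):
    """headers: list of (name, value) pairs, duplicates preserved.

    Returns 'blocked', 'same-origin', 'restricted' or 'unprotected'.
    """
    xfo, csp = set(), []
    for name, value in headers:
        lname = name.lower()
        if lname == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif lname == "content-security-policy":  # Report-Only is not enforced
            for policy in value.split(","):
                for directive in policy.split(";"):
                    parts = directive.lower().split()
                    if parts and parts[0] == "frame-ancestors":
                        csp.append(classify_sources(parts[1:]))
    if csp:
        # frame-ancestors takes precedence over X-Frame-Options. With several
        # policies every one must allow the frame, so this audit reports the
        # strictest class (a simplification for mixed allow-lists).
        return min(csp, key=RANK.get)
    if xfo == {"DENY"}:
        return "blocked"
    if xfo == {"SAMEORIGIN"}:
        return "same-origin"
    # Missing header, obsolete ALLOW-FROM, or unknown/mixed values: do not
    # rely on them, report the response as frameable so it gets fixed.
    return "unprotected"
```

A response reported as `unprotected` is the case described above; sending `X-Frame-Options: DENY` or `Content-Security-Policy: frame-ancestors 'none'` (or the same-origin variants) moves it to `blocked` or `same-origin`.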

Finally, 4shared is not secure at all, and we all use it to store our files. If our files contain sensitive data, this can lead to other accounts at different vendors being hacked, if any confidential data is stored there. What if I were a bad guy (black hat)? I could exploit these critical vulnerabilities easily; that's what happens every day to users (victims).


Video Demonstration URL :

