Google !
Bug : Circumventing "Limit to 1 response" of Google forms (Parameter Injection)
Discovered on: 30th November 2016. Research time: 2:00 p.m. to 9:30 p.m.
If you open the form to fill again, the response would be like the image below.
There is no way to edit or fill another form (Hurdle 1).
I created a test form and checked "Edit after submit".
Once this test form is filled, I can change the previous response. I clicked on "Edit your response" and intercepted the request. I changed the form id and forwarded the request. I was able to see the form that was submitted.
When I edited the form and submitted, a blank form was sent (Hurdle 2). I analysed the requests for the test form, which was sent successfully after editing, and for the user's form, which was sent with empty fields.
A parameter in the URL was being deleted on the client side when the "SUBMIT" button was clicked for the user's form, which cleared all the fields before the form was sent. Google played it smartly!
The intercepted request for user's form was:
POST /forms/d/e/[form-id]/formResponse HTTP/1.1
Host: docs.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate,
Referer: https://docs.google.com/forms/d/e/[form-id]/viewform?edit2={server generated value}&fbzx=[server generated value]
Cookie: ----
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 234
{message-body}
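The request above shows the weak point: the form id in the URL and the edit token (edit2) are two separate values, and the server has to refuse the combination when they do not belong together. The following is an added Python example of that server-side check; it is not Google's code, and the in-memory token store, the EditGrant record and the field names are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict

@dataclass
class EditGrant:
    """What an 'edit your response' token was issued for (assumed record shape)."""
    form_id: str
    response_id: str

# Constructed in-memory store: edit token -> the (form, response) it was issued for.
EDIT_GRANTS: Dict[str, EditGrant] = {}

def issue_edit_token(form_id: str, response_id: str) -> str:
    """Issued after a successful submit; the token is unguessable and bound
    to exactly one form and one response."""
    token = secrets.token_urlsafe(32)
    EDIT_GRANTS[token] = EditGrant(form_id, response_id)
    return token

def handle_form_response(url_form_id: str, edit_token: str, fields: dict) -> dict:
    """Server side of POST /forms/d/e/<form-id>/formResponse with an edit token.
    The form id taken from the URL is untrusted input: it is only honoured when
    it matches the form the token was issued for, so a token obtained on one
    form cannot be replayed with another form's id in the path."""
    grant = EDIT_GRANTS.get(edit_token)
    if grant is None:
        return {"status": 403, "reason": "unknown or expired edit token"}
    if grant.form_id != url_form_id:
        # This is the request the writeup describes: token for form A, id of form B.
        return {"status": 403, "reason": "edit token was issued for a different form"}
    # Only now is the URL's form id trusted; the fields update grant.response_id.
    return {
        "status": 200,
        "form_id": grant.form_id,
        "response_id": grant.response_id,
        "fields": fields,
    }
```

Binding the check to the token rather than trusting the path also avoids the client-side workaround the post describes, since no JavaScript needs to scrub the URL before submit.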
I submitted this bug and got a response from the Security team the next day.
What I deduced from reading hackers' blogs was that if you get a response like "Your report is triaged....." or "Nice Catch !....." the reward is sure. My expectations for the reward were so high that I couldn't sleep for 2 weeks. Every morning, as soon as I woke up, I used to open my inbox.
On 14th December 2016, I got a mail from Google Security Team. I was expecting there would be "$" in it.
I was not completely happy with the response. I made my way to the Hall of Fame and got acknowledged by Google.
Click on this > Google VRP Hall of Fame
Facebook
Bug 1: Disclosing the total number of friends a user made.
In the first week of November 2016, I submitted this bug that was disclosing the number of friends a user made till date regardless of privacy settings.
GET request url : https://graph.facebook.com/{user-id}/friends
The security team responded that it is not a privacy issue, as it was disclosing only the "total_count", declared it not eligible for the reward, and appreciated the report.
Bug 2: Insecure Direct Object Reference on "See Friendship" page.
After a few days I got a response from the Facebook Security team that it was not a valid bug, because this was intentional behaviour and a user can edit his/her posts that were made on an ex-friend's timeline.