BrownBag.in Bug's (Parameter Tampering, XSS, Stored-XSS)



During the COVID-19 pandemic there has been a surge in online grocery stores. That intrigued me, so I started searching for websites that deliver in my zone, and guess what! I found BrownBag.in.

So I built an account on it and tried to order something. You know what happened then: I ordered a product worth 750 for just 1 rupee.



Now we are going to learn how that happens.

In security terms it is simply known as parameter tampering.

So let's see what parameter tampering is.

The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.

This attack can be performed by a malicious user who wants to exploit the application for their own benefit, or by an attacker who wishes to attack a third person using a Man-in-the-middle attack. In both cases, tools like WebScarab and Paros proxy are commonly used.

The attack success depends on integrity and logic validation mechanism errors, and its exploitation can result in other consequences including XSS, SQL Injection, file inclusion, and path disclosure attacks.
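To make the "price in a hidden form field" case concrete, here is an added example (not code from the original post or from BrownBag.in) that puts a checkout handler which trusts the client's price field next to a hardened one that treats the server-side catalogue as the only source of truth. The product ids, prices and quantity limit are constructed for the example; the point is that the hardened handler recomputes the total from its own data, validates the quantity, and logs any mismatch between the client's price field and the catalogue so the tampering attempt is visible in monitoring.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue of hypothetical products (not real BrownBag.in data).
# The server, not the browser, is the authoritative source for prices.
CATALOG = {
    "rice-5kg": Decimal("750.00"),
    "milk-1l": Decimal("55.00"),
}
MAX_QTY = 50  # constructed business limit per line item


class TamperedRequest(ValueError):
    """Raised when a checkout request fails server-side integrity checks."""


def vulnerable_checkout(form):
    """Flawed pattern: the total is computed from the 'price' field the browser sent.

    Anyone who edits the hidden field, or changes the request in an intercepting
    proxy, controls what they pay. This is the defect the post describes.
    """
    return Decimal(form["price"]) * int(form["qty"])


def hardened_checkout(form, audit_log=None):
    """Fixed pattern: the price is looked up by product id on the server.

    The client's 'price' field is never used for the total; it is only compared
    against the catalogue so that a mismatch can be logged and the order rejected.
    Quantity is parsed and range-checked instead of being trusted.
    """
    audit_log = audit_log if audit_log is not None else []

    sku = form.get("sku")
    if sku not in CATALOG:
        raise TamperedRequest(f"unknown product id {sku!r}")

    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise TamperedRequest("quantity is not an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise TamperedRequest(f"quantity {qty} outside 1..{MAX_QTY}")

    unit_price = CATALOG[sku]

    # Defensive comparison: a client-supplied price that differs from the
    # catalogue is evidence of tampering, so record it before rejecting.
    if "price" in form:
        try:
            claimed = Decimal(form["price"])
        except InvalidOperation:
            claimed = None
        if claimed != unit_price:
            audit_log.append(
                f"price mismatch for {sku}: client sent {form['price']!r}, "
                f"catalogue says {unit_price}"
            )
            raise TamperedRequest("client price does not match catalogue")

    return unit_price * qty


if __name__ == "__main__":
    # Constructed request as a browser would submit it, with the price edited to 1.
    tampered = {"sku": "rice-5kg", "price": "1", "qty": "1"}
    print("vulnerable total:", vulnerable_checkout(tampered))  # 1

    log = []
    try:
        hardened_checkout(tampered, log)
    except TamperedRequest as exc:
        print("hardened handler rejected:", exc)
    print("audit log:", log)
```

The hardened handler could drop the comparison and simply ignore the client field, but keeping it costs nothing and turns every tampering attempt into a log line a SOC can alert on. Whatever the framework, the rule is the same: any value that decides money, quantity, identity or permissions is re-derived or re-validated on the server from data the client cannot write.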

A short video clip describing the vulnerability is available from Checkmarx (linked from the original post).


Oh man! Enough of theory, now let's dive into how that happened. But before that you need one tool, the favourite of every pentester. Yes, you guessed it right: Burp Suite.

You can apply this knowledge on practically any site that lacks server-side validation and trusts client input too much. Lately I have been thinking of making a video, since that would be easier to follow.



