I'm going to share another case from my bug bounty attempts.
The issue I found initially was in the PayPal Bug Bounty Program. A few weeks ago, I found a similar issue in Google's service. So was I rewarded by both of them? Let's check it out.
The issue I found is Sensitive Information Leakage, where the personal email a user registered with for that application is exposed to the attacker with a simple method.
In the PayPal Bug Bounty Program, the affected URL was:
https://www.paypal-communications.com/Zone/Registration.aspx
As we can see from the screenshot above, there's a form for us to "Retrieve Password", a.k.a. Forgot Password.
If we submit a non-existent user, the application will throw the message "No User Found".
So? What's the issue, actually? It's normal, ain't it?!
Nothing's wrong?! Hah! Look at the image below then!
Got it? Yeah! If we put a valid username in that form, the message will show the user's personal email. As shown above, I tested the username administrator and I could see his/her personal email used for this application. This might be used for some Social Engineering attack.
For this issue, PayPal rewarded me $100.
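The behaviour described above next to a hardened version, as an added example that is not code from PayPal, Google, or the original post. The user store, the function names, the address, and the wording of the leaky success message are assumptions made for illustration; only "No User Found" comes from the post.

```python
# Constructed sample data: the username comes from the post, the address is a placeholder.
USERS = {"administrator": "admin.personal@example.com"}

GENERIC = "If that username exists, a reset link has been sent to its registered address."


def retrieve_password_leaky(username):
    """Behaviour described in the post: the reply differs per account and echoes the email."""
    email = USERS.get(username)
    if email is None:
        return "No User Found"
    return f"Password sent to {email}"  # assumed wording; the point is the echoed address


def send_reset_mail(email, outbox):
    """Stand-in for a mail queue (assumption); the address never reaches the HTTP response."""
    outbox.append(email)


def retrieve_password_hardened(username, outbox):
    """Same reply for known and unknown usernames; the email is only used server-side."""
    email = USERS.get(username)
    if email is not None:
        send_reset_mail(email, outbox)
    return GENERIC


def leaks(handler, known, unknown, secret):
    """Regression check: True if the reply distinguishes accounts or contains the address."""
    reply_known, reply_unknown = handler(known), handler(unknown)
    return reply_known != reply_unknown or secret in reply_known
```

The `leaks` check can sit in a test suite for any recovery endpoint; response timing for known and unknown usernames should be kept comparable as well, which this example does not measure.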
So how about the case with Google Bug Bounty? Did they reward me as well?
Yeah, Google did not accept that issue as a risk. I'm not going to deny their judgement. It's up to their company. Each company has its own severity level identification.
Below is the screenshot I sent to the Google team.
I think that's all, guys. Till next time with another sharing from me :)
EDIT
Some of you might have noticed that this post suddenly disappeared previously. This was due to another reply I got from Google:
Yes, Google also takes this issue as a threat/bug. So I needed to keep the post in draft until the issue was fixed. I checked just now and it seems the issue was resolved.
Adios
@yappare