Jump to content
Sign in to follow this  
Nytro

Escalating Low Severity Bugs To High Severity

Recommended Posts

Escalating Low Severity Bugs To High Severity

 
This time I am gonna share about some ways that I have learned & applied while participating in bounty programs and was able to escalate Low severity issues to higher severity. Let's Go To the Technical details straight:

Note:
You might also be able to use Window Object instead of Iframe in the following Cases I mention but it's better to use "Iframe" instead of "Window" to be stealthier and have least User-Interaction though it requires Clickjacking to be present too.

Case #1. Self Stored-XSS and Login-Logout CSRF:

Pre-Requisites:
1.) Victim must be loggedIn on the Application
2.) Some kind of sensitive information of the currently authenticated user should be present on some page(via Web API etc.)
Screenshot_330.png
ATTACKER Having Self-Stored XSS in Profile Description:
Screenshot_329.png
Attack Summary:-
1. Victim Visits Attacker's Page
2. Create 2 Iframes
   Frame #1(VICTIM) pointing to the sensitive info page (eg. CreditCards, API Keys, Secrets, password hashes, messages etc. which is only visible to the authenticated user)

   Frame #2(ATTACKER) pointing to Self-Stored XSS page

Screenshot_331.png

3. Perform the following on the Attacker Page:
Once the Frame #1 is loaded completely
     a) Logout from Victim's account
     b) Login to Attacker's/your Account using the login CSRF

In the Frame #2
     c) Execute the Self-Stored XSS in your(attacker's) and Access the Frame #1 using top.frames[0].document.body.outerHTML since the Same Origin and steal it and send that info to your server
Screenshot_333.png



Screenshot_332.png
 

 

Full article: https://www.noob.ninja/2018/07/escalating-low-severity-bugs-to-high.html

  • Upvote 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×