A short tale of "how I got rewarded by Paytm"
Total 3 critical security flaws:
Proof of concept of 1st flaw: getting complete account access to any user account.
I'm not going deep, just a brief overview.
# Started my weapon [Burp Suite] and configured it to capture the request
# Browsed to the Paytm password reset page [intercept off]
# Typed the phone number to receive the one-time password [4 digits]
# Intercept on -> click submit button -> capture the request -> saw the 4-digit OTP in the POST request
# Got the access
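The root cause of the first flaw is that the OTP was present in traffic the browser could see, so Burp could simply read it. The fix is to keep the OTP on the server side and deliver it only over the out-of-band channel. Below is an added example (my own code, not Paytm's and not from the original post) of a reset flow where the HTTP response carries only an opaque challenge id, the OTP is stored as a salted hash with a TTL, and guesses are rate-limited. The SMS sender is a stand-in passed in by the caller; the 6-digit length and the limits are my assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed lifetime of a reset code
MAX_ATTEMPTS = 5        # assumed guess budget per challenge


class OtpService:
    """Server-side OTP issuance and verification (example code).

    The browser only ever receives an opaque challenge id. The OTP itself goes
    out over the out-of-band channel (SMS here, supplied by the caller) and is
    stored only as a salted hash, so neither the HTTP response nor a leaked
    store reveals it.
    """

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms     # out-of-band delivery, e.g. an SMS gateway
        self._clock = clock
        self._challenges = {}         # challenge_id -> record

    @staticmethod
    def _hash(otp: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", otp.encode(), salt, 10_000)

    def request_reset(self, phone: str) -> dict:
        """Handle the 'send me a code' POST. Returns the HTTP response body."""
        otp = f"{secrets.randbelow(10**6):06d}"      # 6 digits from a CSPRNG
        salt = secrets.token_bytes(16)
        challenge_id = secrets.token_urlsafe(24)
        self._challenges[challenge_id] = {
            "phone": phone,
            "salt": salt,
            "digest": self._hash(otp, salt),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        self._send_sms(phone, f"Your reset code is {otp}")
        # The response carries no OTP: only the id the client echoes back.
        return {"challenge_id": challenge_id}

    def verify(self, challenge_id: str, otp: str) -> bool:
        """Check a submitted code. A challenge is single-use and dies on
        expiry or after MAX_ATTEMPTS wrong guesses."""
        rec = self._challenges.get(challenge_id)
        if rec is None:
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            self._challenges.pop(challenge_id, None)
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(self._hash(otp, rec["salt"]), rec["digest"])
        if ok:
            self._challenges.pop(challenge_id, None)   # single use
        return ok


if __name__ == "__main__":
    sent = []
    svc = OtpService(lambda phone, msg: sent.append(msg))
    body = svc.request_reset("+91-0000000000")        # constructed number
    print("response to browser:", body)               # no code in here
    code = sent[0].split()[-1]                        # what the phone received
    print("verified:", svc.verify(body["challenge_id"], code))
```

The check a reviewer would apply to the real endpoint is the same one the test below applies to this one: the string the user has to type must not appear anywhere in the HTTP exchange.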
Proof of concept of 2nd flaw: unlimited money transfer
# Configured my Firefox with the user agent switcher to iPhone 3.0
# Went to refill wallet
# Entered the amount [I did 3000/-]
# Selected the payment type: online banking
# Chose Federal Bank [because there was no validation in the payment gateway]
# It will take you to the Federal Bank payment portal [reload the page].
# Then this is what I got
# They got notified and my IP was blacklisted [there is no access to Federal Bank now]
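The post only says that the gateway did no validation and that reloading the bank page was enough; it doesn't describe the mechanism. The defensive pattern that closes this class of bug is the same regardless: the wallet is credited only from a confirmation the merchant server can verify, matched against the order it created, and only once. The example below is added here and is neither Paytm's nor Federal Bank's code. Its assumptions: the bank signs `order_id|amount|status` with an HMAC over a shared secret (`sign_confirmation` plays the bank's part), amounts are in paise, and the server recorded the expected amount at order creation.

```python
import hashlib
import hmac
import secrets


def sign_confirmation(secret: bytes, order_id: str, amount_paise: int, status: str) -> str:
    """Assumed bank-side signature over the confirmation fields."""
    msg = f"{order_id}|{amount_paise}|{status}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class WalletLedger:
    """Credits a wallet only from a bank confirmation the server can verify.

    Nothing the browser says about the outcome is trusted: the signature,
    the amount, the status and the order's settled flag are all checked on
    the server before any balance changes.
    """

    def __init__(self, gateway_secret: bytes):
        self._secret = gateway_secret
        self._orders = {}       # order_id -> {"user", "amount_paise", "settled"}
        self.balances = {}      # user -> paise

    def create_order(self, user: str, amount_paise: int) -> str:
        """Record what the user asked to pay before redirecting to the bank."""
        order_id = secrets.token_hex(8)
        self._orders[order_id] = {"user": user, "amount_paise": amount_paise, "settled": False}
        return order_id

    def handle_callback(self, order_id: str, amount_paise: int, status: str, signature: str) -> str:
        """Returns 'credited', 'duplicate' or 'rejected'."""
        order = self._orders.get(order_id)
        if order is None:
            return "rejected"
        expected = sign_confirmation(self._secret, order_id, amount_paise, status)
        if not hmac.compare_digest(expected, signature):
            return "rejected"          # tampered or unsigned confirmation
        if status != "SUCCESS" or amount_paise != order["amount_paise"]:
            return "rejected"          # failed payment, or amount differs from the order
        if order["settled"]:
            return "duplicate"         # page reload / repeated callback: credit once only
        order["settled"] = True
        self.balances[order["user"]] = self.balances.get(order["user"], 0) + amount_paise
        return "credited"


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    ledger = WalletLedger(secret)
    oid = ledger.create_order("alice", 3000 * 100)        # 3000/- as in the post
    sig = sign_confirmation(secret, oid, 300000, "SUCCESS")
    print(ledger.handle_callback(oid, 300000, "SUCCESS", sig))   # credited
    print(ledger.handle_callback(oid, 300000, "SUCCESS", sig))   # duplicate
    print(ledger.balances)
```

The `settled` flag is what makes a reload harmless: the second delivery of the same confirmation is acknowledged but changes nothing. In a real deployment that flag lives in the database and is set in the same transaction as the credit.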
Proof of concept of 3rd flaw: accessing Paytm with 2 different passwords.
Suppose you have an account on Paytm.
Somehow an attacker manages to get your password and logs in to your account. After learning that
your ID has been compromised, what will you do?
I guess the first thing that will pop into your head is, "I should change my password!", and you'll
change the password. Most users just change their password when they recover their ID.
On paytm.com, changing the password doesn't destroy the other sessions that are logged in with the
old password.
(Logging in with the new password doesn't invalidate the older sessions either.)
As the other sessions are not destroyed, the attacker will still be logged in to your account even after
you change the password, because his session is still active. He'll have complete access to your account
until that session expires!
So your account remains insecure even after changing the password.
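The standard fix is to bind every session to the credential that created it, so a password change revokes all sessions minted under the old password while the session that made the change is re-issued. The example below is added here and is not Paytm's code: a small server-side session store where each user carries a credential generation counter, sessions record the generation current at login, and `change_password` bumps the counter after re-authenticating. Usernames, passwords and the PBKDF2 parameters are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class SessionStore:
    """Server-side sessions tied to the credential that created them (example code).

    A session is valid only while its recorded generation matches the user's
    current one. Changing the password increments the generation, so every
    session created under the old password stops resolving immediately.
    """

    def __init__(self):
        self._users = {}       # username -> {"salt", "digest", "generation"}
        self._sessions = {}    # token -> {"user", "generation"}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = {"salt": salt, "digest": self._hash(password, salt), "generation": 0}

    def login(self, user: str, password: str) -> Optional[str]:
        """Return a fresh session token, or None on bad credentials."""
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(self._hash(password, rec["salt"]), rec["digest"]):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "generation": rec["generation"]}
        return token

    def user_for(self, token: str) -> Optional[str]:
        """Resolve a session cookie; None if it was revoked or never existed."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if s["generation"] != self._users[s["user"]]["generation"]:
            del self._sessions[token]      # lazily purge a session from an old password
            return None
        return s["user"]

    def change_password(self, token: str, old: str, new: str) -> Optional[str]:
        """Re-authenticate, rotate the credential, revoke every other session,
        and hand the caller a new token so the legitimate user stays logged in."""
        user = self.user_for(token)
        if user is None:
            return None
        rec = self._users[user]
        if not hmac.compare_digest(self._hash(old, rec["salt"]), rec["digest"]):
            return None
        salt = secrets.token_bytes(16)
        rec.update(salt=salt, digest=self._hash(new, salt), generation=rec["generation"] + 1)
        # Eager purge as well, so the table does not keep dead sessions around.
        self._sessions = {t: s for t, s in self._sessions.items() if s["user"] != user}
        return self.login(user, new)


if __name__ == "__main__":
    store = SessionStore()
    store.register("alice", "correct horse")
    victim = store.login("alice", "correct horse")
    other = store.login("alice", "correct horse")     # second session on the same password
    fresh = store.change_password(victim, "correct horse", "battery staple")
    print("other session still valid:", store.user_for(other))   # None
    print("new session valid:", store.user_for(fresh))           # alice
```

The generation counter is what makes this cheap: revocation is a single integer write on the user record rather than a scan of every session, and the lazy check in `user_for` catches any session a replica has not purged yet.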