by harshjaiswal · Published March 27, 2016 · Updated April 12, 2016
Badoo Account Takeover – Bug Bounty POC
Note that this post is written by Harsh Jaiswal & responsibility for any mistake in it lies only with him. We allow anyone to write content on our blog as a guest/contributor so others can also learn. If you are interested in sharing your findings through the Bug Bounty POC platform, just register on the blog and post easily.
Thanks a lot Bharat & Behroz for this amazing platform. I'm a beginner; soon I'll share my other 2 FB bugs, worth 3000$ in total.
Hey everyone out there! Today I wanna share my finding on Badoo, where I could take over anybody's account just by giving him/her a malicious link.
Badoo is a dating-focused social networking service, founded in 2006 and headquartered in Soho, London. The site operates in 180 countries and is most popular in Latin America, Spain, Italy and France. Badoo ranks as the 281st most visited website in the world, according to Alexa Internet as of April 2014. The website operates on a freemium model. To gain additional features, a user pays a fee or allows Badoo to e-mail all their friends.
Let's start
First of all I want to thank my friend Rudra, who always supports me. He gave me a simple link and I got an account takeover out of it.
The bug was simple: it works on a CSRF & a token misconfiguration. And only valid for
When we import photos from Facebook or Instagram, the request lacks any anti-CSRF token, and the Facebook token generated via Badoo is valid for every user. So I could give a user a link that imports photos from my own Facebook account; if the user clicks OK, the photo will be imported to his account.
But how did I get a takeover here?
The thing I noticed is that the generated link also replaces the user's linked FB account with the attacker's FB account, and the best part was that the user only needs to visit the link; no cancel or OK click is required.
Now an attacker can log in via FB, completely take over the account, and access all their chats, private photos and everything.
The bug was patched within 2 days of the initial report. The reward ($850) was quite a bit less than I expected.
Steps to reproduce were :-
1- Create two Badoo accounts, attacker & victim, and link 2 different FB accounts to them
2- Log in as 'attacker', go to import photos via FB and copy the link from the URL bar
3- Now log in as 'victim' in a different browser, open the link and click cancel.
4- The FB account of 'victim' is replaced with the FB account of 'attacker' (taken from the 'attacker' one)
5- Log in via the attacker's FB account and you will be logged in to the 'victim' account
Congrats, you just hacked the victim's account
Extra explanation
Suppose there is an attacker account 'A' with linked FB account 'FB-of-A' and a victim account 'B' with linked FB account 'FB-of-B'. Now the attacker creates a link to import photos from his FB and gives it to victim 'B'. 'B' opens it and hits cancel, but this has already changed his linked FB account from 'FB-of-B' to the attacker's 'FB-of-A'. Now the attacker can log in with his own FB account into the victim's Badoo account.
I could chat with my victim on Badoo and could have hacked his/her account in 5 minutes.
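The two root causes described above are that the import link is not tied to the session that created it, and that the linked-account change is applied on arrival rather than after the user confirms. The following is an added example written for this page, not Badoo's code; the service classes, the example.invalid URLs and the in-memory stores are assumptions. It contrasts a minimal model of the flawed flow with one where the callback carries a single-use state token bound to the initiating user (the same idea as the OAuth `state` parameter) and only changes the linked account after confirmation.

```python
"""Added example: binding a social-account import/link flow to the session that
started it. Not Badoo's code; names, URLs and the in-memory stores are assumptions."""
import secrets
from urllib.parse import urlparse, parse_qs


class WeakLinkingService:
    """Mirrors the flaw in the post: the link carries no per-session token, so
    whoever opens it gets the link creator's FB account attached to their own."""

    def __init__(self):
        self.linked = {}  # badoo user -> linked FB account (constructed store)

    def start_import(self, session_user, fb_account):
        # The link names the FB account to attach; nothing ties it to session_user.
        return f"https://example.invalid/import/fb?account={fb_account}"

    def finish_import(self, session_user, url, confirmed):
        fb_account = parse_qs(urlparse(url).query)["account"][0]
        # Defect: the change is applied on arrival, regardless of confirmation.
        self.linked[session_user] = fb_account
        return "linked" if confirmed else "cancelled"


class HardenedLinkingService:
    """Same flow with a single-use state token bound to the initiating user,
    and no state change unless that same user confirms."""

    def __init__(self):
        self.linked = {}
        self.pending = {}  # state token -> (initiating user, FB account to attach)

    def start_import(self, session_user, fb_account):
        state = secrets.token_urlsafe(32)
        self.pending[state] = (session_user, fb_account)
        return f"https://example.invalid/import/fb?state={state}"

    def finish_import(self, session_user, url, confirmed):
        state = parse_qs(urlparse(url).query).get("state", [""])[0]
        entry = self.pending.pop(state, None)  # consumed on first use, valid or not
        if entry is None:
            return "rejected: unknown or reused state"
        initiator, fb_account = entry
        if initiator != session_user:
            # The authenticated session is not the one that requested the import.
            return "rejected: state issued to a different session"
        if not confirmed:
            return "cancelled"  # nothing was changed
        self.linked[session_user] = fb_account
        return "linked"


def replay_cross_session(service_cls):
    """Re-run the post's scenario against one implementation: account A builds the
    import link, account B opens it in its own session and presses cancel.
    Returns (outcome shown to B, FB account linked to B afterwards)."""
    svc = service_cls()
    svc.linked["B"] = "FB-of-B"
    link = svc.start_import("A", "FB-of-A")
    outcome = svc.finish_import("B", link, confirmed=False)
    return outcome, svc.linked["B"]


if __name__ == "__main__":
    print("weak:    ", replay_cross_session(WeakLinkingService))
    print("hardened:", replay_cross_session(HardenedLinkingService))
```

With the hardened service the page's scenario ends differently: B's session presents a state that was issued to A, so the request is rejected and B's linked account stays 'FB-of-B', while A's own confirmed import still succeeds. A production implementation should also expire pending states after a short time and, on the provider's callback, compare the authenticated user against the state's owner rather than trusting anything carried in the URL.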
Bug Timeline
09 March : Reported
10 March : Bounty Rewarded 850 USD
11 March : Bug patched