Dashboard

Application Errors

Severity: Low
Bug ID: 742
Researcher: guifre
Status: Disclosed
Submitted: 07/29/2017

Description:

Content spoofing & text injection on crowdshield.com Content Spoofing is an attack technique that allows an attacker to inject a malicious payload that is later misrepresented as legitimate content of a web application. This approach is common on error pages, or sites providing story or news entries. The content specified in this parameter is later reflected into the page to provide the content for the page. If an attacker where to replace this content with something more sinister they might be able to falsify statements on the destination website. Upon visiting this link the user would believe the content being displayed as legitimate.

Affected URL:

http://crowdshield.com/%20needs%20a%20new%20web%20client%2c%20please%20download%20http%3a%2f%2fattacker%2fvirus.exe%20to%20we%20able%20to%20open%20it.%20Your%20browser%20compatible%20plugin

Affected Params:

n/a

Bug Evidence:

Hi,

I get in touch to report that crowdshield.com is vulnerable to content spoofing and text injection.


This attack exploits the trust relationship established between the user and the web site.


PoC
http://crowdshield.com/%20needs%20a%20new%20web%20client%2c%20please%20download%20http%3a%2f%2fattacker%2fvirus.exe%20to%20we%20able%20to%20open%20it.%20Your%20browser%20compatible%20plugin

The URL path is URL decoded and attacker text is reflected back to the UI:

"The requested URL / needs a new web client, please download http://attacker/virus.exe to we able to open it.”

Please, let me know if you need further information

Best Regards,
Guifre.


Bug Recommendation:

Use a 404 page that don't include attacker text.

Direct Chat

5
guifre 07/29/2017
Message User Image
submitted a Application Errors bug to CrowdShield
CrowdShield 07/29/2017
Message User Image
Thanks for the heads up! This is fixed now.
CrowdShield 07/29/2017
Message User Image
awarded 5 points to guifre for a Application Errors bug
CrowdShield 07/29/2017
Message User Image
closed a Application Errors bug submitted by guifre
CrowdShield 07/29/2017
Message User Image
disclosed a Application Errors bug submitted by guifre

Pending Bugs

ID Severity Vulnerability User Date Status
692High Authentication Bypass dia2diab 07/01/2015 Disclosed
778High Privilege Escalation poseidon 08/24/2018 Disclosed
641High Privilege Escalation daksh 12/05/2014 Disclosed
744High Privilege Escalation realn0j 09/06/2017 Disclosed
670High Remote Code Execution zoczus 05/06/2015 Disclosed
593Medium Buffer Overflow rockcena 12/01/2014 Disclosed
578Medium Cross Site Request Forgery sandeepv 11/30/2014 Disclosed
580Medium Cross Site Request Forgery sandeepv 11/30/2014 Disclosed
659Medium Reflected Cross Site Scripting pratap 12/16/2014 Disclosed
742Low Application Errors guifre 07/29/2017 Disclosed
724Low Session Security and Cookies testingcs 04/24/2016 Disclosed
706Informational Other zediwon 09/28/2015 Disclosed
707Informational Other behroz 10/06/2015 Disclosed