2017 has been a hot year for hackers, and the trend shows no sign of stopping. Major hacks, data breaches and vulnerability exploitation have led to millions in losses for organizations that failed to establish proper web application security. Instances of cybercrime are increasing every year, and so is the cost associated with the attacks. In a recent survey by ZDNet, 53% of decision-makers said that they will prioritize cybersecurity in their 2018-19 budget. According to a WhiteHat Security report, of the total breaches reported in 2017, 30% involved attacks on web applications and 62% featured hacking to exploit vulnerabilities. The report also concluded that, despite growing security awareness, applications remain vulnerable across all industries.
As a pilot, our in-house security experts conducted a security scan of America’s biggest online marketplace website. We found that the website had many critical vulnerabilities which could be weaponized to deliver malicious content or files to users, or to display and alter user content, allowing a wide range of attacks that could be even more dangerous.
Issue: Privilege Escalation- CSRF
As illustrated in the above video, an attacker can register and make a profile on the website. They then have access to upload, edit and delete documents/images on their profile. An attacker can click on delete to delete their own document and intercept this delete request using a tool called Burp. The attacker can then change the assignment_id and asset_id in the POST request to delete some other user’s assignment details.
Issue: Privilege Escalation- Horizontal
An attacker can navigate to the assignment section in their profile, replace their user ID with another user's ID in the URL and then append description to the URL. The description belonging to that other user is then visible to the attacker.
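Both privilege escalation issues above come down to the server trusting identifiers supplied by the client. The following added example (not code from the scanned website) shows the missing server-side check: ownership is decided from the session identity, and the submitted assignment_id and asset_id only select which record is checked. The class and function names and the sample records are assumptions made for illustration.

```python
# Added example; names and sample records are constructed, not the site's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    asset_id: int
    assignment_id: int
    owner_id: int
    description: str

class NotFound(Exception):
    """Raised for missing AND foreign objects, so ids cannot be enumerated."""

class AssetStore:
    def __init__(self, assets):
        self._assets = {a.asset_id: a for a in assets}

    def _owned(self, session_user_id, assignment_id, asset_id):
        asset = self._assets.get(asset_id)
        # Ownership is decided from the server-side session identity; the ids
        # in the request body or URL only select which record is checked.
        if (asset is None or asset.assignment_id != assignment_id
                or asset.owner_id != session_user_id):
            raise NotFound(asset_id)
        return asset

    def delete(self, session_user_id, assignment_id, asset_id):
        asset = self._owned(session_user_id, assignment_id, asset_id)
        del self._assets[asset.asset_id]

    def description(self, session_user_id, assignment_id, asset_id):
        return self._owned(session_user_id, assignment_id, asset_id).description

def handle_delete(store, session_user_id, form):
    """Return an HTTP-style status for a delete POST with untrusted form ids."""
    try:
        store.delete(session_user_id, int(form["assignment_id"]), int(form["asset_id"]))
    except (KeyError, ValueError, NotFound):
        return 404  # same answer for malformed, missing and foreign ids
    return 204

def sample_store():
    # Constructed data: user 1 owns asset 10, user 2 owns asset 20.
    return AssetStore([Asset(10, 100, 1, "user 1 draft"),
                       Asset(20, 200, 2, "user 2 draft")])

if __name__ == "__main__":
    store = sample_store()
    print(handle_delete(store, 1, {"assignment_id": "200", "asset_id": "20"}))
    print(handle_delete(store, 1, {"assignment_id": "100", "asset_id": "10"}))
```

Returning the same status for a foreign object as for a missing one keeps the response from confirming which IDs exist.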
Issue: Error Handling
The exception message returned in the response contains information that an attacker could exploit further.
Issue: Method Interchange/CSRF Token Missing
An attacker can easily download the data of any user by copying the download URL. This is because a GET request, instead of a POST request, is triggered when downloading attachments. Second, a CSRF token is missing from the triggered request.
Issue: Unrestricted File Upload
An attacker can easily make a profile and upload files to the server that can be abused to exploit other vulnerable sections of an application. For example, an attacker can upload an executable file which can attack and exploit other parts of the application.
The above vulnerability report is proof that an application can have one or more serious vulnerabilities open during a given time period. According to the WHS report, close to 50% of applications remain vulnerable every single day of the year. We have been helping organizations for the past 10 years with security solutions to uncover all vulnerability gaps. Our security reporting follows industry standards such as OWASP and SANS. We provide an impact assessment and detailed mitigation proposal for remediation consultation post threat exploitation.
Share your website/application and security concerns with us. Our consultants will perform a Pilot Scan and will get back to you with a report of critical security bugs.