Posts

Showing posts from 2015

[Responsible disclosure] How I could have removed all your Facebook notes

Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed.

Summary: This blog post is about an insecure direct object reference vulnerability in Facebook Notes, using which an attacker could have removed all your notes just by replacing his note ID with yours in the note-editing request.


About Facebook Notes: Facebook Notes are ways of writing entries about your life, your thoughts, or your all-time favorite songs and then sharing them with your Facebook friends. The beauty of Notes lies in the ability to blog without needing to distribute a web address to friends so that they can go check out your blog. Instead, your friends are connected to your Profile. Therefore, when you publish a Note, it appears in your News Feed.


Vulnerability description: Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypa…

[Responsible disclosure] How I could have hacked 62.5 million Zomato Users

Note: This is being published with the permission of the Zomato team. The vulnerability is now fixed.

Zomato is an online restaurant search and discovery service providing information on home delivery, dining out, cafés and nightlife for various cities of India and 21 other countries. It has 62.5 million registered users. While creating an account, a user can store a phone number, addresses, date of birth, a linked Instagram account, etc. In one of the API calls, they were reflecting the user data based on the "browser_id" parameter in the API request. Interestingly, changing the "browser_id" sequentially resulted in data leakage of other Zomato users. The leaked data also included the Instagram access token, which could be used to see private photos on Instagram of the respective Zomato users.
Below are the technical details of the vulnerability:
Description:
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result…