Security vulnerabilities

This is the security vulnerability reporting site for alwaysdata. Please make sure you read our bug bounty program before registering and creating a new task to submit a vulnerability you've discovered.

Once processed, the reports are public. Any private information can be transmitted via a support ticket on our administration interface.

ID Summary Status Date closed
13  Lack of Verification Email  Closed  16.01.2024

Task Description

Description:

The website lacks proper email verification. During the user registration process, it only sends a greeting email upon registration. The absence of email verification could lead to the creation of unverified accounts and the hosting of content with any email address, potentially posing a serious security risk.

Impact:

The absence of email verification poses a significant security risk, allowing the potential use of any email address for registration on a hosting site without proper authentication. This could lead to the creation of accounts under false identities, enabling malicious actors to host illegal content anonymously.
The free hosting service, which doesn't require valid details, may be exploited for unauthorized activities, emphasizing the need for robust email verification procedures to ensure account legitimacy and prevent abuse like:

Spam distribution

Phishing campaigns

Distribution of illegal or harmful content

Reputational damage to the platform

So, I am reporting this issue to the platform's security team for addressing the vulnerability and enhancing overall security.

12  No rate limit on Submit tickets  Closed  15.01.2024

Task Description

Hi team,
I am an ethical hacker, web application penetration tester and bug bounty hunter.
I found a new vulnerability, so I am reporting it to you now.

Vulnerability: No rate limit on Submit tickets

Description:
I have identified a vulnerability in the organization's Submit tickets system, where the request to Submit tickets has no rate limit.

To reproduce this issue, follow the steps below:
Step 1: Go to the organization's website: https://admin.alwaysdata.com/support/add/
Step 2: Fill the form by typing "1" in the "subject" section and type "2" in the "Message" section and intercept the request using Burp Suite.
Step 3: Send this request to Intruder and make the payload on "1" that belongs to "subject" section then go to payloads and add numbers from 2 to 20.
Step 4: Then start the attack.
Step 5: Observe that the 20 tickets are sent to support.
Please see my attached screenshots too.

This demonstrates that the vulnerability allows for mass tickets or tickets bombing to the organization, which is detrimental to business operations.

Impact:
1- Increased Load on Servers: Without a rate limit, there could be a significant increase in the number of requests to the server, which could lead to excessive load.
2- Vulnerability to Attacks: It could make the organization more vulnerable to attacks such as Denial of Service (DoS).
In a DoS attack, an attacker could flood the system with requests, consuming too much network capacity, storage, and memory.
3- Compromised User Experience: If the server is overwhelmed with requests, it could slow down the system for legitimate users.

I used an email address, "haneenibra5566@gmail.com".
You can check the tickets that have been sent from it.
I made the above scenario with this email address.

Solution:
To mitigate this vulnerability, it is recommended to implement additional security measures such as adding a CAPTCHA or implementing rate limiting on the invitation endpoint.
By adding these measures, the organization can prevent malicious users from exploiting the system and protect the business and its users from the negative consequences of mass mailing attacks.

I hope my report will keep you safe.
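
As an added illustration of the rate limiting recommended in this report (not part of the original report and not alwaysdata's code), the sketch below applies a per-account sliding-window limit to ticket submissions and replays a constructed 20-request burst. The class name, the limit of 5 tickets per 600 seconds and the in-memory store are assumptions.

```python
import time
from collections import defaultdict, deque


class TicketRateLimiter:
    """Per-account sliding-window limiter (hypothetical helper, in-memory)."""

    def __init__(self, max_tickets=5, window_seconds=600):
        self.max_tickets = max_tickets        # assumed policy value
        self.window_seconds = window_seconds  # assumed policy value
        self._accepted = defaultdict(deque)   # account -> accepted timestamps

    def allow(self, account, now=None):
        """Return (allowed, retry_after_seconds) for one submission attempt."""
        now = time.monotonic() if now is None else now
        accepted = self._accepted[account]
        # Forget submissions that have aged out of the window.
        while accepted and now - accepted[0] >= self.window_seconds:
            accepted.popleft()
        if len(accepted) >= self.max_tickets:
            # Rejected attempts are not recorded, so retries cannot extend the block.
            return False, self.window_seconds - (now - accepted[0])
        accepted.append(now)
        return True, 0.0


def replay_burst(limiter, account, subjects, spacing=0.5):
    """Feed a burst of submissions to the limiter; return the accepted subjects."""
    accepted = []
    for i, subject in enumerate(subjects):
        allowed, _ = limiter.allow(account, now=i * spacing)
        if allowed:
            accepted.append(subject)
    return accepted


if __name__ == "__main__":
    # Constructed input: subjects "1".."20" half a second apart, mirroring the
    # 20-request burst described in the report.
    burst = [str(n) for n in range(1, 21)]
    print(replay_burst(TicketRateLimiter(), "account-a", burst))
```

In a multi-process deployment the timestamps would live in a shared store rather than process memory, and the rejected response would carry the returned retry delay.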

2  XSS Vulnerability in [admin.alwaysdata.com] Support Tic ...  Closed  12.01.2024

Task Description

XSS Vulnerability in [admin.alwaysdata.com] Support Ticket System

Vulnerability Report
Greeting: Dear Team

I'm writing to report a critical Reflected Cross-Site Scripting (XSS) vulnerability discovered in your [admin.alwaysdata.com] application. This vulnerability allows attackers to inject malicious JavaScript into the application, potentially compromising user accounts and sensitive data.

PoC: By sending a specially crafted request containing the payload redhet"'><script>prompt(document.domain)</script> through the add_participants parameter in the support ticket creation form, we can trigger the XSS vulnerability and execute arbitrary JavaScript in the victim's browser.

Summary:

A reflected XSS vulnerability has been identified in the "add_participants" parameter of the support ticket creation form on admin.alwaysdata.com. This vulnerability allows attackers to inject malicious JavaScript code that will be executed in the victim's browser when they view a vulnerable page.

Vulnerability Details:

Type: Reflected XSS (OWASP A4)

Exploit: Injecting malicious JavaScript through a vulnerable request parameter

Vulnerable URL: https://admin.alwaysdata.com/support/add/

Vulnerable Request: POST /support/add/

Vulnerable Endpoints: The add_participants parameter in the support ticket creation form

Payload: redhet"'><script>prompt(document.domain)</script>

This parameter is used to add participants to a support ticket, but it is not properly sanitized, allowing attackers to inject arbitrary code that will be executed in the browser of any user who views the vulnerable ticket.

## Impact Assessment

1. Impact one: Information Disclosure: The attacker can steal sensitive user information, such as cookies or session IDs, by executing malicious JavaScript within the victim's browser.

2. Impact two: Account Takeover: The attacker could potentially hijack user accounts by tricking them into executing malicious code that grants unauthorized access.

3. Impact three: Defacement: The attacker could manipulate the content displayed on the application by injecting malicious JavaScript that alters the user interface.

## Recommendations

1. Step one: Immediately sanitize all user input: Implement strict input validation and sanitization procedures to prevent the injection of malicious code. This includes escaping special characters and enforcing a Content Security Policy (CSP).

2. Step two: Patch vulnerable software: Update all relevant software to the latest versions to address known vulnerabilities.

3. Step three: Consider additional security measures: Implement a web application firewall (WAF) to further protect against XSS attacks.

4. Step four: Regularly scan for vulnerabilities: Conduct regular penetration testing and vulnerability scans to identify and address potential security issues.

Impact:

Execution of arbitrary JavaScript code in the victim's browser
Potential for session hijacking, credential theft, or other attacks

## Steps to Reproduce

1. Step one: Access the support ticket creation form at https://admin.alwaysdata.com/support/add/

2. Step two: Enter the following payload in the "add_participants" field: redhet"'><script>prompt(document.domain)</script>

3. Step three: Submit the form.

4. Final step: Observe that the JavaScript code is executed, displaying a prompt with the domain name. (cookies)

Attachments
PoC Video: [Link to video demonstrating the vulnerability]

## References

[OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)

[OWASP XSS Testing Guide](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting)

I hope you will give me a good answer!!

If you have any questions, feel free to ask them ;)

Thank You,

Regards,
Redhet
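
The fix recommended in this report, shown as an added example that is not part of the original report and not alwaysdata's code: the submitted add_participants value is encoded for the HTML attribute context when the form is re-rendered, and validated on input. It assumes the value is echoed into an input element's value attribute and that participants are a comma-separated list of email addresses; the function names are hypothetical.

```python
import html
import re

# Payload quoted in the report above.
PAYLOAD = "redhet\"'><script>prompt(document.domain)</script>"

# Assumption: participants are a comma-separated list of email addresses.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def render_unsafe(value):
    """'Before': the submitted value is concatenated into the attribute as-is."""
    return '<input name="add_participants" value="' + value + '">'


def render_safe(value):
    """'After': encode for the HTML attribute context at output time."""
    encoded = html.escape(value, quote=True)  # escapes & < > " and '
    return '<input name="add_participants" value="' + encoded + '">'


def parse_participants(raw):
    """Validate on input: return (valid_addresses, rejected_entries)."""
    valid, rejected = [], []
    for entry in (part.strip() for part in raw.split(",")):
        if not entry:
            continue
        # Anything that is not a plain address is rejected, never stored or echoed raw.
        (valid if EMAIL_RE.fullmatch(entry) else rejected).append(entry)
    return valid, rejected


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))   # quote closes the attribute, script tag is live
    print(render_safe(PAYLOAD))     # payload stays inert text inside the attribute
    print(parse_participants("alice@example.com, " + PAYLOAD))
```

Output encoding is the control that closes the reflection; the input validation only narrows what reaches the template.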
