- Status Closed
-
Assigned To
nferrari - Private
Opened by dracula74644 - 28.03.2024
Last edited by nferrari - 28.03.2024
FS#44 - Security Vulnerability | Business Logic Flaw
Subject: Business Logic Flaw
Dear Security Team,
I trust this message finds you well in safeguarding our digital domain. I have successfully conducted a penetration test and am pleased to present the detailed findings in the attached report below.
Vulnerability Details:
Type: Business Logic Flaw
Severity: Medium
Vulnerable Endpoint: https://admin.alwaysdata.com/admin/account/add/ Description: The vulnerability enables attackers to bypass the restriction limiting the creation of only one Free Public Cloud (100MB). By exploiting this vulnerability, known as a race condition, an attacker can create more than 1 instances of the Free Public Cloud (100MB), potentially leading to resource abuse and unauthorized usage.
Reproduction Steps:
Log into the attacker’s account.
Remove all previous accounts from the attacker’s main account.
Attempt to add 2 Free Public Cloud (100MB), which will fail due to the existing function limitation.
To bypass this limitation, delete all Free Public Cloud (100MB) instances and capture the request to add a Free Public Cloud (100MB) using BurpSuite.
Duplicate the captured request in multiple tabs and modify the account names in each request.
Group all the requests and configure them to be sent in parallel (Single Packet Attack) in BurpSuite.
This will result in the addition of more than one Free Public Cloud (100MB).
Proof Of Concept:
Image & video-based POC is connected to the email.
Impact:
The impact of this vulnerability is significant as it allows attackers to bypass restrictions and manipulate the system to their advantage. By exploiting this flaw, attackers can create multiple instances of the Free Public Cloud (100MB), despite the intended limitation of only one. This can lead to several adverse consequences
Mitigations:
Increased resource usage and financial losses.
Risks of data breaches and damage to reputation.
NOTE: THESE ATTACKS HAVE BEEN DONE WHILE KEEPING SERVER’S SECURITY IN MIND, ENSURING THAT THE SERVER DOES NOT INCUR ANY DAMAGE. THIS ATTACK HAS BEEN PERFORMED WITH CAUTION.
Regards,
Zeeshan Beg
Google Drive POC Link : https://drive.google.com/file/d/1qz6s7g6l1dYsF1aq3PpAoIyzeodZTUBx/view?usp=sharing
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Hi,
Thank you for this report.
This behavior is indeed unfortunate, and will be fixed in the future, but there is no real security threat.
I close this report.
Regards,
Okay, Thanks for your response!
so there will not any bounty for that ?
No because there is no security threat. The report is closed.