Vulnerability Report:

Asim Shahzad protector_47 at outlook.com
Thu Sep 4 16:52:30 EDT 2014


Hi,
Sir, I found a vulnerability on http://pidgin.im

Caption:
Token Validation!

Environmental Information:
Browser: Mozilla Firefox 31.0
Operating System: Windows 7 32-bit
Tool: live HTTP headers 0.17

Vulnerable URL:
https://developer.pidgin.im/register

Tool description:
1. To find this vulnerability I use "live HTTP headers".
2. It is an add-on for Mozilla Firefox.
3. It is used to capture any registration or any request. It also provides options to edit any request manually and then resend the edited request.
4. You just have to add this add-on to Mozilla Firefox.
5. If you want to capture any request, you have to open "live HTTP headers" from Menu bar >> tools >> live HTTP headers and check the capture box; then all activity will be captured.

Bug description:
1. http://pidgin.im registers all users on the same token, which is:

1f0e1c1e81c865798e2aa21

2. The token is not validated on registration.

Steps to Reproduce:
1. First you have to add the add-on "live HTTP headers 0.17".
2. This is an add-on for Mozilla Firefox.
3. It is used to capture any registration request.
4. Then register an account on https://developer.pidgin.im/register
5. After filling in the sign-up form, do not click on the "Create account" button. First you have to open "live HTTP headers" from Menu bar >> tools >> Live HTTP headers and check the capture box.
6. Now click on the "Create account" button. "Live HTTP headers" has captured your registration request.
7. Find this link in the captured request.

https://developer.pidgin.im/register

8. Select this link with a single click, then click on the replay button, and you will see another window in which there is a token. Copy the token to Notepad.
The token will be mentioned in the captured request, like this:


__FORM_TOKEN=1f0e1c1e81c865798e2aa21


9. Now register a second account >> capture the request >> and then copy the 2nd account's token to Notepad. Then compare both tokens with each other; both will be the same.

1f0e1c1e81c865798e2aa21

10. This is the token with which all users have registered.

Additional Information:
1. It is too harmful, because in this situation any bot/hacker is able to make unlimited registrations with the same token.
2. Also there is a warning from brute force attack!

You will further understand after watching the attached video.
Fix it as soon as possible!
Thank you.
The Security Researcher.
M.Asim Shahzad.


 		 	   		  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin.avi
Type: video/avi
Size: 4363738 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20140905/fa918090/attachment-0001.bin>
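
The report's test (register from two sessions, compare the `__FORM_TOKEN` values, see whether the server checks them) corresponds to two properties a registration form is expected to have: a token tied to the visitor's session, and rejection of a POST whose token does not match that session. The sketch below is an added example, not part of the original message and not pidgin.im's code; `SERVER_KEY`, `handle_register` and the HMAC construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret from configuration; generated here so the demo runs.
SERVER_KEY = secrets.token_bytes(32)

def new_session_id() -> str:
    """Random identifier the server would place in the visitor's session cookie."""
    return secrets.token_hex(16)

def issue_form_token(session_id: str, form: str = "register") -> str:
    """Derive the hidden-field token from the session, so every session gets its own value."""
    msg = f"{form}:{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def validate_form_token(session_id: str, submitted: str, form: str = "register") -> bool:
    """Accept only a token issued for this session; compare in constant time."""
    if not session_id or not submitted:
        return False
    expected = issue_form_token(session_id, form)
    return hmac.compare_digest(expected.encode(), submitted.encode())

def handle_register(session_id: str, fields: dict) -> int:
    """Hypothetical registration handler returning an HTTP-style status code."""
    if not validate_form_token(session_id, fields.get("__FORM_TOKEN", "")):
        return 403  # missing, forged, or replayed from another session
    return 200      # token matches this session; continue with account creation

def tokens_differ_across_sessions(n: int = 5) -> bool:
    """The report's comparison as a regression check: n fresh sessions, n distinct tokens."""
    return len({issue_form_token(new_session_id()) for _ in range(n)}) == n

if __name__ == "__main__":
    a, b = new_session_id(), new_session_id()
    tok_a = issue_form_token(a)
    print("own session:", handle_register(a, {"__FORM_TOKEN": tok_a}))
    print("replayed in other session:", handle_register(b, {"__FORM_TOKEN": tok_a}))
    print("no token:", handle_register(b, {}))
    print("distinct per session:", tokens_differ_across_sessions())
```

A token check of this kind addresses cross-site request forgery only; limiting automated sign-ups is a separate control such as rate limiting or a CAPTCHA.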

