Vulnerability Report:

Eion Robb eion at robbmob.com
Thu Sep 4 17:07:23 EDT 2014


The __FORM_TOKEN post parameter comes from the trac_form_token cookie, and
appears to be used as a form of XSRF-protection, nothing more.  If you
disagree, I'd suggest you email Trac to let them know.


On 5 September 2014 08:52, Asim Shahzad <protector_47 at outlook.com> wrote:

> Hi,
> Sir, I found a vulnerability on http://pidgin.im
>
> Caption:
> Token Validation!
>
> Environmental Information:
> Browser: Mozilla Firefox 31.0
> Operating System: Windows 7 32-bit
> Tool: Live HTTP Headers 0.17
>
> Vulnerable URL:
> https://developer.pidgin.im/register
>
> Tool description:
> 1. To find this vulnerability I used "Live HTTP Headers".
> 2. It is an add-on for Mozilla Firefox.
> 3. It is used to capture any registration or any other request. It also provides
> options to edit any request manually and then resend the edited request.
> 4. You just have to add this add-on to Mozilla Firefox.
> 5. If you want to capture any request, open "Live HTTP Headers" from the
> menu bar >> Tools >> Live HTTP Headers and tick the capture box; then all
> activity will be captured.
>
> Bug description:
> 1. http://pidgin.im registers all users with the same token,
> which is:
>
> 1f0e1c1e81c865798e2aa21
>
> 2. The token is not validated during registration.
> Steps to Reproduce:
> 1. First you have to add the add-on "Live HTTP Headers 0.17".
> 2. This is an add-on for Mozilla Firefox.
> 3. It is used to capture any registration request.
> 4. Then register an account on https://developer.pidgin.im/register
> 5. After filling in the sign-up form, do not click on the "Create account" button.
> First open "Live HTTP Headers" from the menu bar >> Tools >> Live
> HTTP Headers and tick the capture box.
> 6. Now click on the "Create account" button. "Live HTTP Headers" will have
> captured your registration request.
> 7. Find this link in the captured request.
>
> https://developer.pidgin.im/register
>
> 8. Select this link with a single click, then click on the replay button, and
> you will see another window in which there is a token. Copy the token into
> Notepad.
> The token will be mentioned in the captured request
> like this:
>
>
> __FORM_TOKEN=1f0e1c1e81c865798e2aa21
>
>
> 9. Now register a second account >> capture the request >> and then copy the
> 2nd account's token into Notepad. Then compare both tokens with each other:
> both will be the same.
>
> 1f0e1c1e81c865798e2aa21
>
> 10. This is the token with which all users have registered.
>
> Additional Information:
> 1. It is too harmful, because in this situation any bot or hacker is able
> to perform unlimited registrations with the same token.
> 2. Also, there is a warning of a brute force attack!
>
> You will understand further after watching the attached video.
> Fix it as soon as possible!
> Thank you.
> The Security Researcher,
> M. Asim Shahzad.
>
>
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
>
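The check that Eion's reply describes is the double-submit-cookie pattern: the server sets a random value in the trac_form_token cookie and only accepts a POST whose __FORM_TOKEN field equals that cookie. The following Python is an added illustration written for this page; it is not Trac's or Pidgin's own code, and everything except the two names taken from the thread (the cookie name and the form field name) is assumed. It shows why two registrations from the same browser legitimately carry the same token (the token is bound to the cookie, not to an account) and what the check actually rejects: a request whose form field does not match the cookie.

```python
import hmac
import secrets

# Names taken from the thread; the rest of this module is a generic
# double-submit-cookie check modelled on the reply, not Trac's own code.
COOKIE_NAME = "trac_form_token"
FIELD_NAME = "__FORM_TOKEN"


def issue_form_token() -> str:
    """Mint a fresh random token to place in the trac_form_token cookie.

    The token is bound to the browser session (the cookie), not to a user
    account, so every form submitted from the same browser carries the
    same value until the cookie changes. Seeing one value across two
    sign-ups from one browser is therefore expected behaviour.
    """
    return secrets.token_hex(16)


def form_token_is_valid(cookies: dict, form: dict) -> bool:
    """Return True only if the posted __FORM_TOKEN equals the cookie value.

    A third-party page can cause the victim's browser to send the cookie,
    but it cannot read the cookie's value to place it in the form body, so
    a request forged from elsewhere fails here. The comparison is
    constant-time so the check does not leak the token byte by byte.
    """
    cookie_token = cookies.get(COOKIE_NAME)
    form_token = form.get(FIELD_NAME)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token, form_token)


def handle_register(cookies: dict, form: dict) -> str:
    """Minimal stand-in for a registration handler (assumed, not Trac's)."""
    if not form_token_is_valid(cookies, form):
        return "403 bad form token"
    return "200 registered %s" % form["username"]


def demo() -> dict:
    """Run constructed sample requests through the handler."""
    token = issue_form_token()
    session_cookie = {COOKIE_NAME: token}  # constructed browser session

    # Two accounts created from the same browser: same cookie, same token.
    first = handle_register(session_cookie, {FIELD_NAME: token, "username": "alice"})
    second = handle_register(session_cookie, {FIELD_NAME: token, "username": "bob"})

    # Requests whose form field does not match the cookie are refused,
    # whether the field is wrong or absent.
    wrong = handle_register(session_cookie, {FIELD_NAME: "0000", "username": "carol"})
    missing = handle_register(session_cookie, {"username": "carol"})

    return {"first": first, "second": second, "wrong": wrong, "missing": missing}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point for triage: a shared token value across two submissions from one session is not by itself a defect in this design; the property that matters is that a request whose form field does not match the cookie is rejected, which is what `form_token_is_valid` enforces.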