Showing posts from November, 2017

How I Pwned a company using IDOR & Blind XSS

This post is about chaining Blind XSS and IDOR to gain access to the company's Slack, Facebook Workplace and other services the company used.

Special thanks to Inti De Ceukelaire; without his disclosure this would not have been possible.

Thanks also to my friend Harsh Jaiswal for some of the ideas.

Most people in the infosec community will have read Inti De Ceukelaire's disclosure of Ticket Trick; if you have not, I suggest reading that first. ( https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c )

After reading the article, the first thing that came to my mind was trying this on a company whose support tickets worked in a similar way.

The company's website had a support portal, and a ticket could be created simply by sending an email to it.

Using Ticket Trick to gain access to the company's Slack or Facebook Workplace was not possible, as Slack and Facebook included a random token when sending verification …