E.Mail.Ru Send Edited Message Vulnerability

Published: 2017.01.01
Credit: Ehsan Hosseini
Risk: Medium
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

================================================================================
# E.Mail.Ru Send Edited Message Vulnerability
================================================================================
# Site: https://e.mail.ru/
# Author: Ehsan Hosseini
# Contact: hehsan979@gmail.com
# Vulnerability Type: Design Issue, Privilege Escalation
# Severity : High
================================================================================
# Description:
https://en.wikipedia.org/wiki/Mail.Ru

# PoC :
Steps to reproduce
~! https://e.mail.ru/signup! !~
Step 1 : Complete the SignUp form.
Step 2 : Enter an incorrect phone number.
Step 3 : Open the Live HTTP Headers Firefox plugin.
Step 4 : Submit the form.
Step 5 : Replay the request to ~
https://e.mail.ru/cgi-bin/smsverificator?&ajax_call=1&lang=ru_RU&func_name=register
~
Step 6 : Edit the domain parameter to a text.
Step 7 : Edit the phone parameter to the number of anybody you want to send the message to.
Step 8 : Replay the request...
Step 9 : The edited message is now sent to the phone number.

Now check the mobile phone to see the message.

See the attached video, and then the picture.

Video : https://youtu.be/cEiik4mE-pM
Result : https://cdn.pbrd.co/images/gyMQ5rh1A.png
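
Added example, not part of the original advisory and not Mail.Ru's code: a server-side sketch of the mitigation for the replay in steps 5-9, building the SMS from a fixed template, accepting only allowlisted domain values and capping sends per number. The domain and phone parameter names come from the advisory; the template, allowlist, limits and the assumption that domain is interpolated into the message text are constructed for illustration.

```python
import re
import time

# Assumptions for this sketch: only the parameter names "domain" and "phone"
# come from the advisory; everything else here is constructed.
ALLOWED_DOMAINS = frozenset({"mail.ru", "corp.example"})
PHONE_RE = re.compile(r"\+?[1-9]\d{7,14}")      # plain international number
TEMPLATE = "Your confirmation code for {domain}: {code}"
MAX_SENDS, WINDOW_SECONDS = 3, 3600


class Rejected(ValueError):
    """Request refused before any SMS is queued."""


def build_sms_unsafe(params, code):
    # Behaviour the advisory implies: request text flows straight into the SMS.
    return params["phone"], TEMPLATE.format(domain=params["domain"], code=code)


class SmsVerifier:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sent = {}                         # phone digits -> send timestamps

    def build_sms(self, params, code):
        phone = params.get("phone", "")
        domain = params.get("domain", "").strip().lower()
        if not PHONE_RE.fullmatch(phone):
            raise Rejected("phone is not a plain international number")
        # Only server-known values may appear in the message body.
        if domain not in ALLOWED_DOMAINS:
            raise Rejected("domain is not one the signup form offers")
        key, now = phone.lstrip("+"), self._clock()
        recent = [t for t in self._sent.get(key, []) if now - t < WINDOW_SECONDS]
        if len(recent) >= MAX_SENDS:
            raise Rejected("too many verification messages for this number")
        self._sent[key] = recent + [now]
        return phone, TEMPLATE.format(domain=domain, code=code)
```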

# Timeline:
12 Sep 2016 - Discover Vulnerability
16 Sep 2016 - Report To Vendor
28 Sep 2016 - Mail.ru Confirmed This Issue
28 Sep 2016 - Mail.Ru rewarded $150 bounty.
01 Jan 2017 - Public Disclosure

# Discovered By : Ehsan Hosseini
# Spx Tnx : Porya





Copyright 2017, cxsecurity.com