# Exploit Title: iGap Meesenger Web Client Lock Screen Bypass
# Details: iGap is a free Iranian open-source instant messaging application for smart phones , Web and personal computers.
# Date: 4-23-2017
# Wiki: https://en.wikipedia.org/wiki/IGap
# Exploit Author: Snooper
# Contact: firstname.lastname@example.org
# Risk: High
# Category: web apps
# Tested on: Chrome
# Vulnerable website: https://web.igap.net (iGap web client)
# Version: 3.2.4 (latest version) and lower
iGap web client (https://web.igap.net) srtores lock screen password hash (sha-256) in the browser local storage without server-side encryption!
After enabling lock screen and setting password , password hash is stored with "iGap__lockScreenSetting" key in the browser local storage so
anyone who has access to the client browser is able to delete that key and bypass the lock screen.
2. Exploit :
- Press Ctrl+Shift+j in chrome browser to open "console" tab.
- Enter the following command in the console line to delete "iGap__lockScreenSetting" value :
- Reload lock screen page by pressing Ctrl+R.
- Lock screen bypassed :)