Webinar Pro or Not: The $500 Access Control Bug
2023-9-18 12:29:50 Author: infosecwriteups.com(查看原文) 阅读量:14 收藏

Abhi Sharma

InfoSec Write-ups

Discover how, I uncovered a $500 access control bug allowing unauthorized webinar creation. Learn about the implications, responsible disclosure, and the importance of access controls in cybersecurity. Join me for this exciting adventure in security, discovery, and digital empowerment!

Well, lightning struck twice for me on the same platform where i previously uncovered a surprise XSS (Cross-Site Scripting) vulnerability. If you missed that story, you can catch up on it here.

Now, let’s dive into our latest adventure, uncovering a different kind of bug — an access control issue on the “Exameet”(Not Real Name) platform. This particular bug allowed users to create webinars without the necessary “Webinar Pro” subscription.

About the Website

Exameet (Virtual Name to protect privacy of Private program), it’s a popular online platform that allows people to host webinars and online meetings. The website we explored operates with different access levels. To create webinars, users typically need a special “Webinar Pro” subscription. Think of it as needing a backstage pass to a concert. Which only can assign by the admin.

Cracking the Access Control

Our journey began with a simple question: Could i create a webinar without that backstage pass, the “Webinar Pro” subscription? After extensive testing, i found a way to do just that! Even without the subscription, i could create webinars. This was a glaring security issue because it meant the system’s access controls weren’t working correctly.

Steps to Reproduce:

  1. Admin Account: To reproduce the behavior, you’ll need an admin account on the Exameet platform. With this account, you can create other user accounts and manage their permissions from the admin page.
  2. User Creation and Login: Create a new user account and log in to Exameet using that user’s credentials.
  3. Grant “Webinar Pro” Package: Initially, assign the “Webinar Pro” package to the user you’ve just created.
  4. Webinar Scheduling: Login to the user’s account on Exameet and start scheduling a webinar. Capture the request made during this process.
  5. Change Account Package: Now, change the account package from “Webinar Pro” to something else.
  6. Exploiting the Bug: Here’s where the bug comes into play. Remember, webinars are supposed to be created with the “Webinar Pro” package. However, you can use the captured request to send it as many times as you want to schedule webinars, even though the account no longer has the “Webinar Pro” package.

The $500 Reward

Having identified the vulnerability, my next step was to report our findings to the platform’s security team. Recognizing the potential severity of this issue, they promptly acknowledged my report and initiated corrective actions. My efforts didn’t go unnoticed, and as a token of appreciation for our responsible disclosure, i were rewarded with a bounty worth $500.

Why It Matters

This discovery underscores the critical importance of robust access control mechanisms in any digital system. Access controls are the gatekeepers of security, ensuring that only authorized users can perform specific actions or access certain resources. When these controls break down, unauthorized access and potential security breaches can occur.In the context of webinars, strong access controls are vital for maintaining the integrity of online events, protecting user data, and ensuring a secure and positive experience for all participants.

Final Thoughts

The story of our bug discovery underscores the significance of access controls in safeguarding digital platforms. When access controls break down, it can lead to unexpected vulnerabilities.

Stay curious, keep exploring, and remember that every bug found is a step towards a safer online world and increasing in your bank balance. :)

Leave a clap if you enjoyed this read, and consider following me for more exciting content.

Find me on Twitter: @a13h1_


文章来源: https://infosecwriteups.com/webinar-pro-or-not-the-500-access-control-bug-5cf28cd80543?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh