Hi There,
Renganathan here. I'm an Ethical Hacker & a Security Researcher.
I’ve been acknowledged by LinkedIn, United Nations, Medium, IRCTC & 20+ companies for reporting security vulnerabilities in their web applications.
What’s Expy
Expy is the only link you need to share all your websites and content, plus offer monetizable services, and it comes with more customizable features. It's kind of similar to Linktree, a link-in-bio tool. Moreover, it's Indian made :D
I was a Linktree user but later switched to Expy Bio ^_^
Here’s my Expy Link: expy.bio/Renganathan
So I was using the application and designing my own Expy page.
Suddenly I got an idea to test for security vulnerabilities, so I switched to heckur mode!
On making any change to an Expy account, the POST request below is made:
{name: "JM_Name", JM_Name: "Renganathan", JM_ID: 420}
So the server is using the JM_ID to validate the request; I thought of testing for an IDOR here :D
I created another account and changed the JM_ID. BOOOOOM! The details on the other page were changed :D
Which means I could customize the page of any user :P
I later tried an XSS payload in the name field; I added
“><script>alert(1)</script>
BOOOOOOM! This worked! Whenever someone visits my Expy bio page they get an alert(1). This can be used to steal the cookies of any user and perform account takeover :D
I reported it to their Twitter handle twitter.com/expybio and it was soon patched :D
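Here is how both bugs described above get fixed on the server side, as an added example that is not Expy's code: the record to update comes from the logged-in session instead of the client's JM_ID, and the stored name is HTML-escaped when the bio page is rendered. The function names, the session object and the in-memory db are hypothetical; the two profile records are constructed sample data.

```javascript
// Added example (not Expy's code). updateProfile, renderProfile, session
// and db are hypothetical names; the records below are constructed samples.
const db = new Map([
  [420, { name: 'Renganathan' }],
  [421, { name: 'SomeoneElse' }],
]);

// IDOR fix: the profile to modify is selected from the authenticated
// session, never from the JM_ID in the request body. A JM_ID that
// disagrees with the session is a clear tampering signal and is rejected
// (and is worth logging for detection).
function updateProfile(session, body) {
  if (!session || typeof session.userId !== 'number') {
    return { status: 401, error: 'not authenticated' };
  }
  if (body.JM_ID !== undefined && body.JM_ID !== session.userId) {
    return { status: 403, error: 'JM_ID does not match the logged-in user' };
  }
  const record = db.get(session.userId);
  if (!record) return { status: 404, error: 'no such profile' };
  if (typeof body.JM_Name !== 'string' || body.JM_Name.length > 64) {
    return { status: 400, error: 'invalid name' };
  }
  record.name = body.JM_Name; // stored as given; escaping happens on output
  return { status: 200, name: record.name };
}

// Stored XSS fix: escape the name at the point it is placed into HTML, so a
// saved "><script>alert(1)</script> is displayed as text, not executed.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderProfile(userId) {
  const record = db.get(userId);
  if (!record) return '<p>profile not found</p>';
  return `<h1 class="bio-name">${escapeHtml(record.name)}</h1>`;
}
```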
Tip: Be Alert during each and every request and response made to the server :D
Thanks for reading :)
Stay Safe.