Sensitive Data Exposure & Performing Actions on Behalf of the Victim

Up to this point, we are able to launch the OkCupid mobile application through a deep link that carries malicious JavaScript code in the section parameter. The following screenshot shows the final XSS payload, which loads jQuery and then loads JavaScript code from the attacker's server (note that the top part contains the XSS payload and the bottom part is the same payload with URL encoding):

The following screenshot shows an HTTP GET request containing the final XSS payload (section parameter):

The server reflects the payload sent earlier in the section parameter, and the injected JavaScript code executes in the context of the WebView.
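The flaw described above is a reflected XSS: a deep-link parameter is copied into markup that the WebView then executes. The following example is added here and is not code from the original article or from OkCupid; it contrasts the vulnerable reflection pattern with an allowlist-based fix and a simple log-side check. The `app://` scheme, the function names, the allowed section names and the sample inputs are all constructed for illustration.

```javascript
// Added example (not from the original article). Shows how reflecting a deep-link
// parameter into page markup produces XSS, and how an allowlist closes it.
// The `app://` scheme, function names and section names are assumptions.

// Assumed set of legitimate section names the app actually knows how to open.
const ALLOWED_SECTIONS = new Set(["profile", "messages", "matches", "settings"]);

// Vulnerable pattern: the raw parameter value is interpolated into HTML that the
// WebView renders, so any markup or script in the deep link is executed.
// Returns the HTML string that would be rendered.
function renderSectionUnsafe(deepLink) {
  const section = new URL(deepLink).searchParams.get("section") ?? "";
  return `<div id="section">${section}</div>`; // attacker-controlled text lands here
}

// Hardened pattern: the value is checked against an allowlist before use and is
// never turned into markup; unknown or unparsable input falls back to a default.
// Returns { section, rejected } so the caller can log rejected links.
function renderSectionSafe(deepLink) {
  let section = "";
  try {
    section = new URL(deepLink).searchParams.get("section") ?? "";
  } catch {
    return { section: "profile", rejected: true };
  }
  if (!ALLOWED_SECTIONS.has(section)) {
    return { section: "profile", rejected: true };
  }
  return { section, rejected: false };
}

// Detection heuristic for request logs or a WAF rule: flag section values that
// contain tag delimiters, a javascript: URL or an inline event handler.
function looksLikeInjection(value) {
  return /<|>|javascript:|on\w+\s*=/i.test(value);
}

// Constructed sample inputs (not taken from the article).
const benignLink = "app://deeplink/?section=messages";
const hostileLink =
  "app://deeplink/?section=" + encodeURIComponent("<script>probe()</script>");

// Stand-alone demonstration.
console.log("unsafe render:", renderSectionUnsafe(hostileLink));
console.log("safe render:  ", renderSectionSafe(hostileLink));
console.log("flagged:      ", looksLikeInjection(decodeURIComponent(hostileLink)));
```

The allowlist is the important part: HTML-escaping alone would stop this particular payload, but a navigation parameter has no business carrying free-form text at all, so rejecting anything outside the known set both removes the injection surface and gives the server a clean signal to alert on.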

As mentioned before, the final XSS payload loads a script file from the attacker's server. The loaded JavaScript code, used for exfiltration and account takeover, contains three functions:

  1. steal_token – Steals the user's authentication token, oauthAccessToken, and the user's id, userid. The user's sensitive information (PII), such as email address, is exfiltrated as well.
  2. steal_data – Steals the user's profile and private data, preferences, user attributes (e.g. answers filled in during registration), and more.
  3. send_data_to_attacker – Sends the data collected by functions 1 and 2 to the attacker's server.

steal_token function:

The function makes an API call to the server. The user's cookies are sent along with the request because the XSS payload executes in the context of the application's WebView.

The server responds with a large JSON document containing the user's id as well as the authentication token:
