Paytm-Broken Link Hijacking
2022-2-1 14:22:52 Author: infosecwriteups.com

Lohith Gowda M

Hello Everyone….

Lohith here (Sr. Security Engineer & Ethical Hacker from Bengaluru). I hope you all are doing well.

This write-up is about Paytm Broken Link Hijacking Vulnerability.

Broken Link Hijacking (BLH) is a web-based attack in which an attacker takes over expired, stale, or invalid external links on credible websites or web applications for malicious purposes: the trusted site keeps pointing at a resource (a domain, a social media handle, a hosted file) that nobody owns any more, and whoever registers it inherits the trust of the link. More info 👉 BLH.

The domain has normal login functionality. Typically, I look for rate-limit issues, password token issues, and so on. So I started hunting for rate-limit and password-token-related issues, but had no luck.

After some time, I was just checking emails on my mobile, and I opened this forgot-password email. Usually, I check all the links in the email template, such as the social media ones.

Here I found 3 social media links: Facebook and Twitter.

Password Reset Email Template

I just opened the Facebook link and it redirected me to their official Facebook page. No issues here. Then I opened the second link, for Twitter, and that link was broken: it redirected to an invalid Paytm blog page. However, there was no impact in this case, because that domain is owned by Paytm.

Here is the interesting part…

Then I opened the third Twitter link and it redirected to…….😁

Broken Twitter Link

Yeah…. It redirects to the Twitter error page (“This account doesn’t exist”). That means there is no user account with this username.

Hacker Mode On 🎭…

Immediately, I created a fake Twitter account and changed my username to this username.

Username Updated

The final part…

Whenever a Paytm user requests a password reset and clicks the Twitter link in the email template, they are redirected to this account. Because the link arrives in a legitimate, expected email from Paytm, a user has no reason to distrust the profile it lands on.
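A defender-side check for exactly this exposure, as an added example that is not part of the original post: it pulls every link out of an email template, treats links on the organisation's own domains as internal (like the broken blog link above, which was not hijackable), and flags social-profile links whose handle does not resolve. The template, domains and handles are constructed, and `handle_exists` stands in for the HTTP lookup a real audit would make.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts where an unregistered handle can be claimed by anyone (assumed list).
SOCIAL_HOSTS = {"twitter.com", "www.twitter.com", "facebook.com", "www.facebook.com"}


class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def extract_links(html):
    """Return every <a href> in the template, in document order."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.hrefs


def audit_links(html, owned_domains, handle_exists):
    """Label each link 'internal', 'social-ok', 'hijackable' or 'external'.

    handle_exists(host, handle) -> bool is the caller's account lookup
    (an HTTP request in practice); it is injected so the audit runs offline.
    """
    findings = []
    for href in extract_links(html):
        parsed = urlparse(href)
        host = parsed.hostname or ""
        handle = parsed.path.strip("/").split("/")[0]  # first path segment
        if host in owned_domains or any(host.endswith("." + d) for d in owned_domains):
            status = "internal"  # our own domain: dead page, but not claimable
        elif host in SOCIAL_HOSTS and handle:
            status = "social-ok" if handle_exists(host, handle) else "hijackable"
        else:
            status = "external"
        findings.append((href, status))
    return findings


# Constructed template and a stand-in resolver; not Paytm's real data.
SAMPLE_TEMPLATE = """
<a href="https://www.facebook.com/acme">Facebook</a>
<a href="https://blog.acme.example/old-post">Twitter</a>
<a href="https://twitter.com/acme_support_old">Twitter</a>
"""
KNOWN_HANDLES = {("www.facebook.com", "acme")}


def demo():
    return audit_links(SAMPLE_TEMPLATE, {"acme.example"}, lambda h, u: (h, u) in KNOWN_HANDLES)
```

Running `demo()` reports the third link as `hijackable`, which is the finding that should block the template from shipping.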

Report Details:

  • Dec 24, 2021, 08:14 PM — Reported to Paytm Security Team.
  • Jan 03, 2022, 02:44 PM — First response from Paytm Security Team.
  • Jan 13, 2022, 06:47 PM — Paytm Security Team fixed the issue.
  • Jan 13, 2022, 07:24 PM — Re-tested and confirmed the fix.
  • Jan 19, 2022, 09:53 AM — Awarded an Appreciation Certificate.

Article source: https://infosecwriteups.com/paytm-broken-link-hijacking-11624e4e9eef?source=rss----7b722bfd1b8d--bug_bounty