Hi, this is my first write-up on medium.com.
11 days ago I found a vulnerability on scribd.com while I was looking for an answer to my homework (I was lazy at that time).
Then I made a document and made the document private.
The download button made me curious, so I decided to intercept the traffic before pressing the download button, and I found a request with the POST method to the URL: https://www.scribd.com/document_downloads/request_document_for_download
Then I made a document, gave it a password (made it private) and tried to get access from another account. After that I created a new account and made a CSRF form whose contents were more or less like this:
<title>Scribd Vulnerability</title>
<!-- (ID FILE) is a placeholder for the id of the private document -->
<form action="https://www.scribd.com/document_downloads/request_document_for_download" method="POST">
<input type="hidden" name="id" value="(ID FILE)" />
<input type="submit" value="Submit request" />
</form>
and tried to do pentesting.
Bingo! After that I managed to get the password to see the private document. After that I asked the Scribd IT security team whether there was a bug bounty program or not. After 11 days (when I wrote this) I immediately reported this bug to the Scribd team so that it could be fixed.
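The server-side check that stops this class of bug, as an added example that is not part of the original write-up and not Scribd's code. It assumes the root cause is a handler that trusts the posted `id` without authorizing the session user; the data model, function names and sample documents are hypothetical.

```python
# Added illustration: hypothetical in-memory model, not Scribd's implementation.
import hmac
from dataclasses import dataclass


@dataclass
class Document:
    doc_id: int
    owner: str
    private: bool
    password: str  # kept in clear only to keep this sketch short


# Constructed sample data.
DOCS = {
    1001: Document(1001, "alice", True, "s3cret-view-pw"),
    1002: Document(1002, "alice", False, ""),
}


class Forbidden(Exception):
    pass


def request_download_vulnerable(session_user: str, doc_id: int) -> dict:
    """Trusts the posted id alone: any logged-in account gets the details."""
    doc = DOCS[doc_id]
    return {"id": doc.doc_id, "password": doc.password}


def request_download_hardened(session_user: str, doc_id: int,
                              supplied_password: str = "") -> dict:
    """Authorizes the session user against the document before answering."""
    doc = DOCS.get(doc_id)
    if doc is None:
        raise Forbidden("unknown document")
    if doc.private and session_user != doc.owner:
        # A non-owner must already know the password; compare in constant time.
        ok = bool(supplied_password) and hmac.compare_digest(
            supplied_password.encode(), doc.password.encode())
        if not ok:
            raise Forbidden("not authorized for this document")
    # The stored password is never echoed back, even to authorized callers.
    return {"id": doc.doc_id, "download_allowed": True}
```
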
- 19 November 2018 16:59 PM = Reported to Scribd security team
- 20 November 2018 01:58 AM = Their team reviewed my report
- No response after 4 days, so I decided to write up this issue