#BugBounty — How Snapdeal (India’s Popular E-commerce Website) Kept their Users Data at Risk!
Hi Guys,
This is my first blog after doing some bug-bounty for few months. This blog illustrates how I was able to access the user's data of snapdeal without their knowledge and interaction. While I was shopping on snapdeal website and during checkout, I came to a thought that — IS THIS IS SAFE TO ENTER YOUR DATA.
That is how I started to do some recon and content discovery in snapdeal and I discovered an endpoint “https://www.snapdeal.com/monitoring”. So let’s not waste more time and get started how do I able to access snapdeal users account.
In that web directory, I started fuzzing with every link and option I see without realizing that it as cookies itself for the active users in the View Http Sessions.
Next what enter into anyone sessions and stole their cookies and start messing with their cookies. Intercept the request of your logged-in account in the burp suite and change the username & cookies of your account to anyone. And voila I successfully get complete access to anyone's account.
Report Details:
Type of Bug: Insecure Storage of Sensitive Information(CWE-922)
Timeline :
12-Dec-2019: Notified the snapdeal team in the mail but no reply.
19-Dec-2019: Notified the snapdeal team on twitter and later that day vulnerability got fixed.
Thanks for reading!