user enumeration at https://webhacking.kr/ in signup

Writer zemrx Program webhacking.kr

WEB Not applicable Low No Reward Created: Jun 30, 2022 (2 years ago) Last Updated: Jul 17, 2022 (2 years ago)

Weakness

user enumeration and lack of rate limit

Description

  1. [send a request to signup]
  2. [ intercept the request via proxy ]
  3. [use intruder to modify request and send it multiple times; you will notice that there is no rate limit]

##request >
POST /login.php?join HTTP/1.1
Host: webhacking.kr
Cookie: PHPSESSID=k06kp7lgb908irlhrp25d7or20
Content-Length: 78
Sec-Ch-Ua: "Chromium";v="103", ".Not/A)Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Content-Type: application/json
Accept: */*
Origin: https://webhacking.kr
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://webhacking.kr/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

{"id":"drako","mail":"example@gmail.com","pw":"44677948","pw2":"44677948"}

##response >
HTTP/1.1 200 OK
Date: Thu, 30 Jun 2022 16:41:11 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 46
Connection: close
Content-Type: text/html; charset=UTF-8

{"stat":false,"ret":"*Userid already existed"}

##Impact
leaking userids and emails
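
The report above describes the join endpoint answering repeated attempts with a distinct "already existed" message and no rate limit. As an added example (not part of the report and not webhacking.kr's code), this Python code puts a per-client sliding-window limit in front of such a handler. `SlidingWindowLimiter`, `handle_join`, the limit values, the 429 body and the success response are assumptions made for illustration.

```python
import json
import math
import time
from collections import defaultdict, deque

# Assumed policy values, not taken from the site: 5 join attempts per client per 60 s.
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 60.0


class SlidingWindowLimiter:
    """Per-key sliding-window counter; `clock` is injectable so behaviour is testable."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock
        self._hits = defaultdict(deque)

    def allow(self, key):
        """Return (allowed, seconds_until_retry) for one attempt by `key`."""
        now = self.clock()
        hits = self._hits[key]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_attempts:
            return False, self.window - (now - hits[0])
        hits.append(now)
        return True, 0.0


def handle_join(body, client_ip, users, limiter):
    """Hypothetical stand-in for the join handler; returns (status, headers, json_body)."""
    allowed, retry_after = limiter.allow(client_ip)
    if not allowed:
        # Refuse before touching the user store, so a throttled client learns nothing.
        headers = {"Retry-After": str(max(1, math.ceil(retry_after)))}
        return 429, headers, json.dumps({"stat": False, "ret": "Too many requests"})
    req = json.loads(body)
    if req["id"] in users:
        # Same response shape as the one shown in the report.
        return 200, {}, json.dumps({"stat": False, "ret": "*Userid already existed"})
    users.add(req["id"])
    # Constructed success shape; the report does not show the real one.
    return 200, {}, json.dumps({"stat": True, "ret": ""})
```

The limiter keys on client address only; a deployment would usually add a second key (for example the session) and shared storage so the count survives across worker processes.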

Timeline

zemrx submitted ticket. June 30, 2022 (2 years ago)
rubiya MANAGER changed the status from 'Submitted' to 'Not applicable'. June 30, 2022 (2 years ago)
rubiya MANAGER changed the disclosure from 'Closed' to 'Disclosed (Full)'. June 30, 2022 (2 years ago)
rubiya MANAGER posted a comment. June 30, 2022 (2 years ago)

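The impact of the discovered vulnerability is minimal, and we judge it to be a vulnerability with a markedly low likelihood of being exploited by an attacker, so we will close it.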