Summary

  • A security researcher has revealed a chain of vulnerabilities found in a public programme that could have enabled an attacker to escalate the impact.
  • The vulnerabilities involved were PII disclosure, CSRF, open redirect and CORS misconfiguration.
  • The security researcher first performed subdomain enumeration, using a combination of Amass, Subfinder and httpx-pd to find subdomains.
  • The discovered subdomains were then probed automatically and inspected for interesting targets.
  • One was found that had login functionality that used OAuth.
  • While this looked secure, the site was also found to be vulnerable to CORS misconfiguration, allowing stealing of PII data from users.
  • However, this vulnerability only affected customers already logged in to the third-party service.
  • Therefore, the researcher looked for a way to increase the impact on all users from the main site, discovering an open redirect vulnerability.
  • This was also vulnerable to CSRF, allowing victims to be sent to the malicious site after authenticating on the subdomain, exposing profile data.
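The two misconfigurations in the chain, a credentialed CORS policy that reflects untrusted origins and an open redirect, can be both detected and prevented with small, testable checks. The following is an added illustration, not code from the original article or the affected programme; the origin allow-list, host name and URLs are constructed for the example.

```python
"""Constructed example: detecting and preventing the CORS and open-redirect flaws."""
from urllib.parse import urlparse

# Assumed allow-list of origins that may call the API with credentials.
TRUSTED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_for(request_origin: str) -> dict:
    """Safe CORS handler: echo the Origin header only when it is allow-listed.
    Reflecting any Origin together with Allow-Credentials: true is the
    misconfiguration that lets a third-party page read a logged-in user's PII."""
    if request_origin in TRUSTED_ORIGINS:
        return {"Access-Control-Allow-Origin": request_origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}  # cache must key on Origin
    return {}  # no CORS headers: the browser blocks cross-origin reads


def is_cors_misconfigured(request_origin: str, response_headers: dict) -> bool:
    """Detection: does this response let an untrusted origin read with cookies?"""
    acao = response_headers.get("Access-Control-Allow-Origin", "")
    creds = response_headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if not creds:
        return False  # without credentials the response carries no session-bound PII
    if acao == "null":
        return True   # 'null' matches sandboxed iframes and data: URLs, so it is untrusted
    return acao == request_origin and request_origin not in TRUSTED_ORIGINS


def safe_redirect_target(next_url: str, own_host: str) -> str:
    """Open-redirect guard: accept only absolute same-host or site-relative paths."""
    parsed = urlparse(next_url)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative path; reject "//host" and "/\host", which browsers treat as host-relative.
        if next_url.startswith("/") and next_url[1:2] not in ("/", "\\"):
            return next_url
        return "/"
    if parsed.scheme == "https" and parsed.hostname == own_host:
        return next_url  # hostname strips userinfo and port, so "own@evil" is not matched
    return "/"  # anything else falls back to the site root
```

`is_cors_misconfigured` is the check to run over responses to a probe request that carries an unexpected Origin header; `cors_headers_for` and `safe_redirect_target` are the server-side fixes.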

By Raymond Van Wart
