E.Mail.Ru Send Edited Message Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>E.Mail.Ru Send Edited Message Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>================================================================================ # E.Mail.Ru Send Edited Message Vulnerability ================================================================================ # Site: https://e.mail.ru/ # Author: Ehsan Hosseini # Contact: hehsan979@gmail.com # Vulnerability Type: Design Issue, Privilege Escalation # Severity : High ================================================================================ # Description: https://en.wikipedia.org/wiki/Mail.Ru # PoC : Steps to reproduce ~! https://e.mail.ru/signup! !~ Step 1 : Complete SignUp Form Step 2 : Enter a Incorrect Number Phone. Step 3 : Open Live Http Headers Firefox plugin Step 4 : Submit Form Setp 5 : Repaly Request to ~ https://e.mail.ru/cgi-bin/smsverificator?&ajax_call=1&lang=ru_RU&func_name=register ~ Setp 6 : Edit domain parameter to a text. Step 7 : Edit phone parameter to a number every body you want send message to them. Step 8 : Repaly Request... Step 9 : Now Send Edited Message to NumberPhone Know See Mobile Phone see message Should see attached video and next see picture Video : https://youtu.be/cEiik4mE-pM Result : https://cdn.pbrd.co/images/gyMQ5rh1A.png # Timeline: 12 Sep 2016 - Discover Vulnerability 16 Sep 2016 - Report To Vendor 28 Sep 2016 - Mail.ru Confirmed This Issue 28 Sep 2016 - Mail.Ru rewarded $150 bounty. 01 Jan 2017 - Public Disclosure # Discovered By : Ehsan Hosseini # Spx Tnx : Porya </BODY></HTML>
