Gmail Password Reset Vulnerability Rejected by Google Security Team 2013

Introduction

As a security researcher I spend my free time on both application security and web application security. During one of my research projects I was focusing on auditing session hijacking attacks on internal networks, so I started working on Twitter, Facebook, Yahoo and Google, including Google Mail, and I was surprised to find a few issues in all of them! In this article I want to explain one of my cool findings on Google Plus, which can be used to completely compromise an account.

According to Wikipedia [1], Google Mail had around 425 million users in June 2012, so any serious vulnerability puts millions of users at risk.

Finding the password reset vulnerability in Google Mail

Step I:
To find vulnerabilities you need a target, and target selection is a key factor in successful vulnerability discovery. Once the victim's account is known, use "Forgot my password".

Step II:
As the most important step, randomly enter the last password and the account creation date, then click Next.

Step III:
Google's verification requires the user to enter 5 email IDs. The attacker creates 5 new email IDs and sends a normal mail to the victim's account; these 5 email IDs can then be used to reset that particular account.

Step IV:
Enter the email ID that Google should contact to send the reset token.

Google Unfixed Vulnerability:

Security researcher Noah Franklin found this vulnerability and reported it to Google on April 16th 2011.
Security researchers DinaKaran & Noah Franklin of Cyber InfoSec reported this vulnerability on August 22 2013; later Google fixed it without giving any information.


Reverse Engineering of Software Basics

Software Reverse Engineering

What is reverse engineering (RE)?

To disassemble or analyze something in detail in order to discover the concepts involved in its manufacture is called reverse engineering.


Things we need:

Download OllyDbg   ---   http://www.ollydbg.de/download.htm
A trial software package with a limited number of usage days

Steps to perform:

1. Install OllyDbg
2. Install the trial software
3. Open OllyDbg, then point it at the software's location
4. Click Play to run the software

Proof of Concept:

Twitter Cookie Reuse Vulnerability on 27-Nov-13 (mobile.twitter.com)

Twitter Cookie Reuse Vulnerability

Introduction

Twitter is an online social networking and microblogging service that enables users to send and read "tweets", which are text messages limited to 140 characters. It has 200 million active users (February 2013) - Wikipedia.
A cookie is information that a website stores on our computer or device, for several purposes such as:
  1. Identification
  2. Save configuration
  3. Save preferences
  4. Store historical information (for example, the last purchase)
  5. Save user personal information
  6. Store the session for networked sites

Scenario

Yesterday morning security researcher Noah J Franklin from CyberInfoSec came across a security vulnerability on the Twitter site for mobile users, mobile.twitter.com. As I usually do, I logged into my Twitter account and logged out, exported my cookies from the browser and saved them to my desktop as cookies.txt, then imported the cookies back into the browser and was automatically logged into my Twitter account again.
Of course, it is a cookie vulnerability that is not patched properly on the server side :)

Real Time Attack Browser Exploit

Imagine an attacker posts a tweet with a malicious URL that hooks the browser of everyone who visits it and captures their cookies (browser-level exploit, BeEF); once the attacker has the cookie, he can access the victim's account again.


Officially we reported this to the Twitter security team.

After we got the response from the Twitter security team, we are publishing this to the public.

Explanation

Sometimes the "cookie" is not destroyed on the server side, so a saved copy of it still identifies a valid session after logout.

Steps to reproduce it (at your very own risk):

Step 1: Download Mozilla Firefox and install a cookie import/export add-on
Step 2: Open mobile.twitter.com and log in to your Twitter account
Step 3: Go to Options > Export Cookies --> save it as cookies.txt
Step 4: Log out from your account
Step 5: Close all the tabs and open a new tab
Step 6: Go to Options > Import Cookies --> select the cookies.txt you saved
Step 7: Open mobile.twitter.com
Step 8: You can tweet from that account :)


Note: Consider the case of visiting a malicious website: the attacker tries to steal the browser cookies while the user is accessing a mobile.twitter.com account; obviously the attacker can access the mobile.twitter.com cookies too, so the attacker can log in to the victim's account. The attacker can access the victim's cookies from anywhere in the world :)
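The failure mode behind the steps above, as an added example that is not Twitter's code or the author's: a minimal in-memory session server in Python whose logout either only clears the browser cookie (the weak behaviour) or also destroys the server-side session record (the fix), and a replay of the saved cookie against each. The names SessionServer, replay_after_logout and the user "alice" are assumptions made for this illustration.

```python
"""Session-cookie reuse after logout: weak logout beside hardened logout.
Added example, not Twitter's code. The weak server only tells the browser
to drop the cookie; the hardened server also deletes the session record,
so a saved copy of the cookie (the cookies.txt replay) is rejected."""
import secrets
import time


class SessionServer:
    def __init__(self, server_side_logout: bool, ttl_seconds: int = 3600):
        self.server_side_logout = server_side_logout
        self.ttl = ttl_seconds
        self._sessions = {}  # session id -> {"user": ..., "expires": ...}

    def login(self, username: str) -> str:
        """Issue a fresh, unguessable session id (the Set-Cookie value)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username,
                               "expires": time.time() + self.ttl}
        return sid

    def logout(self, sid: str) -> None:
        """Weak: only the browser cookie is cleared (Set-Cookie: sid=; Max-Age=0)
        and the server record survives. Hardened: the record is destroyed too."""
        if self.server_side_logout:
            self._sessions.pop(sid, None)

    def authenticate(self, cookie_sid: str):
        """Resolve a presented cookie to a username, or None if it is invalid."""
        rec = self._sessions.get(cookie_sid)
        if rec is None:
            return None
        if rec["expires"] < time.time():  # a timeout alone does not fix logout
            del self._sessions[cookie_sid]
            return None
        return rec["user"]


def replay_after_logout(server_side_logout: bool):
    """The write-up's test: export the cookie, log out, import and revisit.
    Returns the user the replayed cookie resolves to (None means rejected)."""
    server = SessionServer(server_side_logout)
    saved_cookie = server.login("alice")      # step 3: export cookies.txt
    server.logout(saved_cookie)               # step 4: log out
    return server.authenticate(saved_cookie)  # steps 6-8: replay the cookie


if __name__ == "__main__":
    print("weak server resolves replayed cookie to:", replay_after_logout(False))
    print("hardened server resolves replayed cookie to:", replay_after_logout(True))
```

The same replay that the steps above perform through the browser succeeds only against the weak server; a logout that deletes the server-side record makes the exported cookies.txt worthless.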


Video Demo