Tuesday, October 29, 2013

Bitdefender Security Breakdown - LFI/OAuth/XSS vulnerabilities

5:21 PM Posted by Alexandru Coltuneac (dekeeu) , , , , , , No comments

Summary


Bitdefender websites were vulnerable to some web flaws that could allow an attacker to obtain arbitrary local files from the web server or hijack users sensitive information.


Vulnerability Details



  • LFI (Local File Inclusion)
    The vulnerable script was located here :
    http://www.bitdefender.com/downloadFile.php?language=in&fileName=pok.txt&filePath=../../../../../../etc/passwd


    Usually this script was used to download files from the web server but due an improper validation, filePath parameter allowed an attacker to download and read any file from the target server.




  • OAuth Bug
    This vulnerabiliy was caused by an unvalidated url redirect and allowed me to steal users access token.

  • XSS (Cross-Site-Scripting)
    And a xss vulnerability in one of Bitdefender subdomains.



Thanks,

@dekeeu

0 comments:

Post a Comment