JavaScript, I love you!!!

The art of bug bounty comprises a lot of things to check, and not all of them always get checked, but there is one you should keep in mind and review thoroughly: the JavaScript files. Through this language, web pages become more dynamic (jQuery) or extend their functionality (validations, requests to external resources, APIs, etc.). Sometimes they are non-obfuscated plain-text files exposing their methods; other times they are obfuscated and hard to review; but most of the time these files contain juicy information waiting for us.

In the following article, we will cover a simple admin access to an application obtained just by reviewing a JavaScript file.

PROCESS

Accessing the domain “https://redacted.com” showed nothing important, just a web page like any other, so no evidence is needed.

Reviewing the traffic in the web proxy, a request to the JavaScript file “https://redacted.com/js/main.js” was observed, in which the following endpoint was detailed:

Navigating to “https://redacted.com/administration/login”, as expected, an admin login form was shown. Nice!!:

Some login attempts were made with default credentials like admin/admin, but without success:

After searching for other vulnerabilities without success, it was observed that some other JavaScript files were requested while loading the admin portal:

While taking a look at the content of the “admin-login.js” file, the following line caught my attention:

That line was checking whether an item called “token” exists in localStorage with the value “loggedadmin”; if so, the application redirects to “/administration/app”. So easy??

Then, I went to the browser's “developer tools” and created the new item:

Reloading the application, a redirection to “/administration/app” took place and access to the internal application as “admin” was granted, showing information from “customers” and “orders”:

The vulnerability was fixed and a humble reward was received!!!

CONCLUSION

Sometimes we get frustrated with some sites and skip over things that are very valuable, so remember to check everything.

I hope you liked it.

Don’t give up, great things take time.
