Saturday, April 16, 2016

Authorization Bypass mixed with XSS in GiftCards

One of my favourite findings in the bug bounty programs is the one I reported to GiftCards. Although a big part of it was considered a duplicate report, it was beautiful.

GiftCards sells eGift cards online.

I played in the Group Gift Manager section.

I started editing a gift that I had already created, and a wizard started.

I played with the intercepted HTTP request and made two attacks at the same time.

I put the id of a Gift belonging to another user and I put a script in the body of the Gift receiver info and then

The script worked in the Dashboard page of the owner of the edited Gift ID. The authorization bypass issue existed in several steps of editing Group Gifts.

GiftCards fixed the issue.
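The two flaws described above, shown next to the checks that close them. This is an added example, not GiftCards' code: the in-memory `GIFTS` store, the user names and every function name are hypothetical, and the sample data is constructed.

```python
import html

# Constructed sample data: gift id -> record. All names are hypothetical.
GIFTS = {
    101: {"owner": "alice", "receiver_name": "Bob"},
    202: {"owner": "mallory", "receiver_name": "Eve"},
}

class Forbidden(Exception):
    """Raised when the session user does not own the requested gift."""

def update_receiver_vulnerable(session_user, gift_id, receiver_name):
    # Flawed pattern: the gift id from the request is trusted as-is,
    # so any logged-in user can edit any other user's gift.
    GIFTS[gift_id]["receiver_name"] = receiver_name

def load_owned_gift(session_user, gift_id):
    # One ownership check shared by every wizard step, so no step can skip it.
    gift = GIFTS.get(gift_id)
    if gift is None or gift["owner"] != session_user:
        raise Forbidden(gift_id)
    return gift

def update_receiver_hardened(session_user, gift_id, receiver_name):
    load_owned_gift(session_user, gift_id)["receiver_name"] = receiver_name

def render_dashboard_vulnerable(session_user):
    # Flawed pattern: stored text is concatenated into HTML unescaped.
    return "".join(f"<li>{g['receiver_name']}</li>"
                   for g in GIFTS.values() if g["owner"] == session_user)

def render_dashboard_hardened(session_user):
    # Encode on output: stored markup is displayed as text, not executed.
    return "".join(f"<li>{html.escape(g['receiver_name'])}</li>"
                   for g in GIFTS.values() if g["owner"] == session_user)

if __name__ == "__main__":
    try:
        update_receiver_hardened("mallory", 101, "<script>alert(1)</script>")
    except Forbidden:
        print("edit of another user's gift rejected")
    print(render_dashboard_hardened("alice"))
```

Either control alone breaks the chain, but both are needed: the ownership check stops cross-account edits, and output encoding covers any stored value that reaches the dashboard by another path.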