GetPocket getpocket.com CSRF (Cross-Site Request Forgery) Web Security Vulnerability
Domain: getpocket.com
"Pocket was founded in 2007 by Nate Weiner to help people save interesting articles, videos and more from the web for later enjoyment. Once saved to Pocket, the list of content is visible on any device — phone, tablet or computer. It can be viewed while waiting in line, on the couch, during commutes or travel — even offline. The world's leading save-for-later service currently has more than 17 million registered users and is integrated into more than 1500 apps including Flipboard, Twitter and Zite. It is available for major devices and platforms including iPad, iPhone, Android, Mac, Kindle Fire, Kobo, Google Chrome, Safari, Firefox, Opera and Windows." (From: https://getpocket.com/about)
Vulnerability Description:
Pocket has a web security flaw that an attacker can exploit with CSRF attacks.
"Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application." (OWASP)
Tests were performed on Microsoft IE (9 9.0.8112.16421) on Windows 7, Mozilla Firefox (37.0.2) & Google Chromium 42.0.2311 (64-bit) on Ubuntu (14.04.2), and Apple Safari 6.1.6 on Mac OS X v10.9 Mavericks.
Vulnerability Details:
The programming flaw exists at the "https://getpocket.com/edit/edit" page, i.e. https://getpocket.com/edit?url=http%3A%2F%2Fwpshout.com%2Fchange-wordpress-theme-external-php&title=
Vulnerable URL:
https://getpocket.com/edit?url=http%3A%2F%2Fwpshout.com%2Fchange-wordpress-theme-external-php&title=
A website I created, "http://itinfotech.tumblr.com/", is used for the following tests. Suppose that this website is malicious. If it contains the following link, attackers can post any message they like.
<a href="https://getpocket.com/edit?url=http%3A%2F%2Fmake.wordpress.org%2Fcore%2F2014%2F01%2F15%2Fgit-mirrors-for-wordpress&title=csrf test">getpocket csrf test</a> [1]
When a logged-in victim clicks the link ([1]), a new item will be successfully saved to his/her "Pocket" without his/her notice, and the attack succeeds.
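The server-side fix for the behaviour reported above, as an added example that is not code from this post or from Pocket: the same save action written once with the session cookie as the only check, and once requiring POST, a same-site Origin and a session-bound token. The function names, `TRUSTED_ORIGIN`, the `csrf_token` parameter and the in-memory `store` are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET = secrets.token_bytes(32)        # per-deployment key, constructed for this example
TRUSTED_ORIGIN = "https://app.example"  # placeholder for the site's own origin


def issue_token(session_id: str) -> str:
    """Token the server embeds in its own save form, bound to the session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def save_vulnerable(method, headers, session_id, params, store):
    """Pattern from the report: a GET plus the session cookie saves an item."""
    if session_id is None:
        return 401
    store.append((session_id, params["url"], params.get("title", "")))
    return 200


def save_hardened(method, headers, session_id, params, store):
    """Same action, but a link or form on another site cannot trigger it."""
    if session_id is None:
        return 401
    if method != "POST":                # links and image tags only issue GET
        return 405
    source = headers.get("Origin") or headers.get("Referer", "")
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != TRUSTED_ORIGIN:
        return 403                      # request was sent from another site
    sent = params.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_token(session_id).encode()):
        return 403                      # a third-party page cannot know this value
    store.append((session_id, params["url"], params.get("title", "")))
    return 200
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer on top of these server checks.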