Forskere har vist oplysninger om visse sårbarheder inde web og mobile anvendelser af de populære websteder Yahoo, PayPal, Shopify og Magento. Dette kunne have ført til phishing-angreb, kapring af sessioner og endda, tyveri af konti.
Vulnerability Lab researchers Ayoub Ait Elmokhtar, Benjamin Kunz Mejri, Ebrahim Hegazy and Hadji Samir have made discovery of the bugs earlier this year, but only now have they revealed them publicly.
The PayPal Vulnerabilities
Three separate concerns have been found in PayPal’s security, specifically in its web applications. The most serious of those concerns is a vulnerability found in PayPal’s authentication check, which purpose is to approve the legitimate account owner. The vulnerability could have led to a bypass of that verification process by an attacker.
Even when 2-step verification is enabled on the application, where a user gets blocked if typing in wrong credentials, the account could again be penetrated. Two weeks ago, Benjamin Mejri stated on the topic that a user can get into another user’s account via the mobile Application Programming Interface just by replacing old, expired cookies with newer, working ones.
Among the possible 2-step authentication bypass, there was a recent patch by PayPal which was to affect an open-redirect-web vulnerability, found by Ayoub Elmokhtar, which could have been remotely exploited. That vulnerability addressed another that was a stored cross-site scripting bug in the Online Service Web Application, which could have been exploited for the purchase of various goods or transferring of funds. This particular discovery was made by Ayoub Elmokhtar.
The Yahoo Vulnerability
There was another matter of concern that the researchers disclosed regarding Yahoo’s site for advertisers – Gemini. More specifically there was a CSRF (Cross Site Request Forgery) insekt, which could have allowed an attacker to insert malicious code to jeopardize the client-side application to browser requests and the session data.
The Shopify and Magento Vulnerabilities
Sidste, men ikke mindst, the researchers have uncovered two different relentless file name vulnerabilities in two platforms for e-commerce – Shopify and eBay’s Magento. Those vulnerabilities could have led an attacker to remotely put in their own malicious code in the service modules of the applications. If that would have happened – it could have led to a series of problems for the two applications, such as hijacking of sessions, relentless phishing attacks, relentless redirects to outside sources with malicious content, blandt andet.
The most recent vulnerability that researcher Hadji Samir found was in Magento site’s module for bug reports. An attacker could have uploaded a script of payload code as a filename through a “post” and the script to execute, instead of a bug report being posted.
What do you make of all of this? Should the researchers have exposed the bugs sooner or even, immediately after they had discovered them? Do you still feel safe using the above-mentioned sites, even with those certain vulnerabilities being fixed?