Let's first discuss what a Web cache is and why it is used.
Web cache:
A Web cache (or HTTP cache) is an information technology for
the temporary storage (caching) of Web documents, such as Web pages, images,
and other types of Web multimedia, to reduce server lag.
WHY IS IT USED?
When you visit a website, you don’t just need to retrieve
the content of the page you’re seeing — you also need a bunch of resources such
as JavaScript files, stylesheets, fonts, and so on, which your browser
downloads in addition to the content of the page.
Browser caching allows your browser to store these files for
a while, so it doesn’t need to retrieve them every time you visit the site.
The first time you visit this site (WinningWP.com), for
example, you’ll receive a bunch of resources that your browser will immediately
cache. This first visit will likely take a few seconds to completely download, but
the next time you visit you’ll notice a significant decrease in load time (as
much as a second or more, in fact).
WHEN DOES WEB CACHE BECOME IMPROPER CACHE MANAGEMENT?
WEB CACHE BECOMES IMPROPER CACHE MANAGEMENT when the browser caches
sensitive pages of an application, such as post-login pages containing user information, or any
other sensitive pages that should not be visible to an unauthorized user.
For example:
You log in to an application, browse the
application functionality after login, and then log out of the application.
Now when you hit the back button, the pages you
visited after login are shown.
LET US DISCUSS THE ISSUE THAT I FOUND:
-------------------------------------------------------------
You will notice that nowadays developers implement 2FA for an extra
level of security on applications. This means that when a user enters credentials on the
application login page and submits them, after verifying them the application asks for a 2FA code (like an OTP
that is received by mail, text message or Google Authenticator).
1. At first I registered on the application (like xyz.com); at registration time you also have to set up 2FA on the account.
2. Now open the login page and enter credentials.
3. After the credentials are verified, the 2FA page is opened.
4. Now enter the 2FA code and log in to the account.
5. Now log out of the account. You will be redirected to the login page.
6. Now press the back button. After pressing it one or two times the 2FA page is opened. It means the 2FA page is saved in the cache.
7. But this has no impact on the application. I thought about how I could make this impactful or how I could steal user credentials.
8. Again I opened the application login page and submitted the username and password; it redirected me to the 2FA page. Now I viewed the source of the page. I got the username and password in the source.
9. Now I entered the 2FA code and logged in to the application.
10. Again I logged out of the application and hit the back button 2 times. The 2FA page is shown because it is saved in the cache.
11. I also viewed the source of that page. Great, I got the username and password:
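Two separate defects combine in the issue above (and in the back-button example earlier in the post): the 2FA page echoes the submitted credentials into its HTML, and the response carries no cache directive, so the browser keeps a copy that the back button can bring back after logout. The following Python example is added here as an illustration and is not code from the post or from xyz.com; it assumes the credentials were carried forward as hidden form fields (the post only says they were visible in the page source) and uses an in-memory dict as a stand-in for a server-side session store. It shows the vulnerable pattern beside a hardened one, plus a small audit function a tester or developer can run against any response to check both points.

```python
import secrets
from html import escape

# Constructed stand-in for a server-side session store (assumption, not from the post):
# pending logins are keyed by an opaque token, never by the credentials themselves.
PENDING_LOGINS = {}


def vulnerable_2fa_page(username, password):
    """Mirrors the pattern described in the write-up (assumed mechanism): credentials
    carried forward as hidden fields, and no cache directives, so the browser may
    keep a copy of this page and show it again via the back button."""
    headers = {"Content-Type": "text/html"}
    html = (
        "<form method='post' action='/2fa'>"
        f"<input type='hidden' name='username' value='{escape(username)}'>"
        f"<input type='hidden' name='password' value='{escape(password)}'>"
        "<input name='otp'><button>Verify</button></form>"
    )
    return headers, html


def hardened_2fa_page(username):
    """Credentials stay server-side; the form carries only an opaque token, and the
    response tells browsers and shared caches not to store it at all."""
    token = secrets.token_urlsafe(32)
    PENDING_LOGINS[token] = {"username": username}
    headers = {
        "Content-Type": "text/html",
        # no-store is the directive that matters; the others cover older caches.
        "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
        "Pragma": "no-cache",
        "Expires": "0",
    }
    html = (
        "<form method='post' action='/2fa'>"
        f"<input type='hidden' name='pending' value='{escape(token)}'>"
        "<input name='otp' autocomplete='one-time-code'><button>Verify</button></form>"
    )
    return headers, html


def response_is_storable(headers):
    """True when a cache is allowed to keep this response (no 'no-store' directive)."""
    cc = headers.get("Cache-Control", "")
    directives = {d.strip().lower() for d in cc.split(",") if d.strip()}
    return "no-store" not in directives


def page_leaks(html, secret):
    """True when a submitted secret appears in the page body, raw or HTML-escaped
    (this is what 'view source' reveals)."""
    return secret in html or escape(secret) in html


def audit(headers, html, password):
    """Summarise both findings the write-up relies on for a given response."""
    return {
        "cacheable": response_is_storable(headers),
        "credentials_in_source": page_leaks(html, password),
    }


if __name__ == "__main__":
    # Constructed sample credentials.
    h, body = vulnerable_2fa_page("alice", "s3cret!")
    print("vulnerable:", audit(h, body, "s3cret!"))
    h, body = hardened_2fa_page("alice")
    print("hardened:  ", audit(h, body, "s3cret!"))
```

The same audit can be pointed at real responses captured in a proxy: any post-login or 2FA page whose Cache-Control lacks no-store, or whose body contains a value the user just typed, is worth reporting. Note that Cache-Control: private or max-age=0 alone does not stop the browser's own back/forward cache from serving the page again, which is why the hardened version uses no-store.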
--------------------------------------------------------------------------------------------------------------------------
For this, the company (xyz.com) paid me $300.
Conclusion: As a web application penetration tester you have to check everything in the application; nothing is impossible. You can turn a low-impact vulnerability into a high-impact one.
Thanks