
HOW I ENTERED OTHER USERS' MEETINGS IN ZOHO MEETING:

After seeing the bugs found in Zoom meetings, I got the idea to play with Zoho Meeting. First of all, I worked out how its functionality works. 🤔 I created a meeting as host myself and joined it. I saw that the meeting ID is numeric (10 digits). That made me wonder: can I find out the meeting IDs of other users?

Picture 1.0

The first approach is to brute-force the meeting ID. I used Intruder to extract other users' meeting IDs, but oh no, my IP got blocked for some minutes, meaning rate limiting is in place.

I tried to bypass the rate limit, but with no success. I used every header such as X-Forwarded-For, X-Remote-IP, X-Forwarded-Host and X-Originating-IP, but still no success 😒😒.

So I went through all the headers and cookie values. I manipulated every cookie value, and then I noticed a ZMEET_CSRF_TOKEN=x.x.x.x.x.xx in the join request. I manipulated the ZMEET_CSRF_TOKEN and sent the request again. Hey, I bypassed the rate limit. 😉😉😉

Now it was time to extract other users' meeting IDs. I used Intruder on the token and the meeting ID, and I was able to extract at least 200 people's meeting IDs.

I HAVE THE MEETING IDs OF OTHER USERS? Another idea came to mind: can I join without any restriction? 🤔🤔🤔🤔

I simply went to the meeting join page, entered any name and a meeting ID, and yes, I could enter any meeting. 😎🤔🤔😎
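As an added example (constructed for this page, not Zoho's code and not from the original post), a small Python simulation of the defect described above: a join rate limiter whose bucket key follows a client-supplied cookie is reset simply by changing that cookie, whereas a limiter keyed on the connection's source address is not. The limiter class, the request layout and the limit of 5 attempts are assumptions.

```python
"""Constructed simulation of a join rate limiter keyed on a client-controlled
value versus one keyed on the observed source address. Not Zoho's code."""
from collections import defaultdict

LIMIT = 5  # assumed: maximum join attempts per bucket before rejection


class JoinRateLimiter:
    """Counts join attempts per bucket key and rejects once LIMIT is reached."""

    def __init__(self, key_func):
        self.key_func = key_func
        self.counts = defaultdict(int)

    def allow(self, request):
        key = self.key_func(request)
        if self.counts[key] >= LIMIT:
            return False
        self.counts[key] += 1
        return True


def key_by_token(request):
    # Weak: the bucket follows a value the client controls. A client that
    # changes the cookie on every request lands in a fresh bucket each time,
    # so the limit never trips. (The token should also be validated, not
    # merely used as a counter key.)
    return request["cookies"]["ZMEET_CSRF_TOKEN"]


def key_by_client_ip(request):
    # Hardened: the bucket follows the address seen on the connection, not a
    # header such as X-Forwarded-For, so the client cannot rewrite it.
    return request["remote_addr"]


def simulate_rotating_token_attempts(limiter, attempts):
    """Return how many of `attempts` join requests pass when each request
    carries a different token but comes from the same client address."""
    allowed = 0
    for i in range(attempts):
        req = {  # constructed sample request
            "remote_addr": "198.51.100.7",
            "cookies": {"ZMEET_CSRF_TOKEN": f"token-{i}"},
            "meeting_id": f"{1000000000 + i:010d}",
        }
        if limiter.allow(req):
            allowed += 1
    return allowed
```

Running `simulate_rotating_token_attempts` with 50 attempts lets every request through the token-keyed limiter and only LIMIT through the address-keyed one; logging rejections per `remote_addr` is the signal a defender would alert on.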

Timeline :

April 5, 2020 - Bug Reported to ZOHO

April 10, 2020 - Status changed to Triaged | Explained how to reproduce the bug

April 23, 2020 - "Our team is still working on this. We'll get back to you as soon as we have an update."

May 9, 2020 - Nice Catch! from ZOHO

May 9, 2020 - Bounty awarded $$$

While doing bug bounty work you have to check everything in the request and the response.
