
Vulnerability on Habrahabr or how to steal an invite

It all started with an attempt to get an invite to Habr by honest means, but, alas, it turned out differently and the invite was obtained in an entirely dishonest way; I would like to tell the brave souls this story.

I apologize in advance to the user who was unlucky and whose invite was used by me.

As always, I was looking for an interesting topic for an article that would get noticed and earn me an invitation to Habr, when an interesting idea came to me: "What if I find some vulnerability on Habr itself and write an article about that?"

So, the target was chosen, and I started looking for the site's weak spots.

After long attempts I stopped at the invite upload page. After several experiments it became clear that the image had to be in PNG format (the form did not react to other formats). I uploaded the first image at hand and saw that the Ajax response returned some id,



which was substituted into a hidden form field as a sort of invite_code.



Experimenting further, I realized that this id is simply a counter of uploaded files, and I thought: "What if I substitute this ID in the field, just changing the value by +2 or +3?" It turned out that when I submitted the form with the substituted id, the system treated it as if I had uploaded an invitation to the site myself. And indeed, after 10 minutes of entering captchas I managed to intercept the file id of another person's invitation, naturally before that person managed to enter their captcha, and, voilà!!!, I received a message that the settings were saved. I immediately go to my page and see
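The flaw described above is a classic insecure direct object reference: the server hands out a sequential upload id, the page puts it into a hidden field, and the settings handler trusts that field without checking who uploaded the file. The following is an added example (not code from the original post and not Habr's real implementation): a minimal model of that vulnerable flow beside a hardened version. The class and method names, the in-memory storage and the PNG stand-in are all assumptions made for the illustration.

```python
import itertools
import secrets

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # the form only accepted PNG


class VulnerableInviteService:
    """Model of the flaw: sequential upload ids, and the settings
    handler trusts the hidden invite_code field as-is."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._uploads = {}   # upload_id -> user who uploaded the file
        self.invites = {}    # user -> upload_id recorded as their invite

    def upload_png(self, user, data):
        if not data.startswith(PNG_MAGIC):
            raise ValueError("form accepts PNG only")
        upload_id = next(self._ids)        # a plain counter: guessable
        self._uploads[upload_id] = user
        return upload_id                   # what the Ajax call hands back

    def save_settings(self, user, invite_code):
        # Only checks that such an upload exists, not who made it.
        if invite_code not in self._uploads:
            return False
        self.invites[user] = invite_code
        return True


class HardenedInviteService:
    """Fix: the upload referenced by the form must belong to the submitter.
    An unguessable token is added as defence in depth."""

    def __init__(self):
        self._uploads = {}   # token -> user who uploaded the file
        self.invites = {}

    def upload_png(self, user, data):
        if not data.startswith(PNG_MAGIC):
            raise ValueError("form accepts PNG only")
        token = secrets.token_urlsafe(32)  # 256 random bits, not enumerable
        self._uploads[token] = user
        return token

    def save_settings(self, user, invite_code):
        # Ownership check is the real fix: a neighbour's upload is rejected
        # even if its identifier were known.
        if self._uploads.get(invite_code) != user:
            return False
        self.invites[user] = invite_code
        return True


def replay_attack(service_cls):
    """Replay the scenario from the post against either service.

    Returns (victim_upload_ref, attacker_claim_succeeded, attacker_invite).
    """
    svc = service_cls()
    png = PNG_MAGIC + b"\x00" * 16              # constructed stand-in for a PNG
    mine = svc.upload_png("attacker", png)       # attacker's own upload
    victim = svc.upload_png("victim", png)       # victim uploads, captcha not yet entered
    # The "+1" trick works only when the reference is a counter; a random
    # token cannot be derived from the attacker's own one.
    guess = mine + 1 if isinstance(mine, int) else secrets.token_urlsafe(32)
    ok = svc.save_settings("attacker", guess)
    return victim, ok, svc.invites.get("attacker")


if __name__ == "__main__":
    print("vulnerable:", replay_attack(VulnerableInviteService))
    print("hardened:  ", replay_attack(HardenedInviteService))
```

Against the vulnerable service the attacker's form submission lands on the victim's upload (id 2) and is recorded as the attacker's invite; against the hardened service the same submission is refused, because the referenced upload is not owned by the submitting user. Note that the random token alone would not be enough: the ownership check is what closes the hole, the token only removes the enumeration shortcut.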


My joy knew no bounds: at last I am a full member of the community.

I immediately wrote to support and even called the TM company's phone number; within half an hour a technical specialist of the company contacted me by mail, and I explained the vulnerability to him in detail. An hour later the vulnerability was fixed, and I received thanks from the company in the form of an invite, the very one I had in fact stolen.

Once again I apologize to the victim.

Source: https://habr.com/ru/post/176481/
