
Topic: Public vulnerability disclosure - CSRF in Bountyportals (Read 162 times)

sr. member (Activity: 980, Merit: 294):

> 10 days is more than enough time to fix it; a good programmer would fix it in an hour or two, so I have disclosed this vulnerability publicly to warn the users about it, because they are in danger and the owner seems unwilling to fix it.

Shoot, that's too bad, and it seems the owner doesn't care about the people using it. I'm betting eventually some will rant here that their account got hacked. Hope this serves as a warning.

> Hopefully, no one uses this 'bug' to steal somebody's work.

They now have an idea since you said it.
legendary (Activity: 3024, Merit: 2148):
> Have you notified Bountyportal about this? Or post on their ANN thread directly? I think that way they can respond more quickly because I doubt Bountyportal guys lurk in this board 24/7.

Yes I did, it's in the post:

> 10 days ago I discovered a Cross-site Request Forgery vulnerability on this site and immediately contacted the owner (irfan_pak10). He told me that his developer will check it, but the vulnerability is still there today, even though it's very easy to fix.
>
> 10 days is more than enough time to fix it; a good programmer would fix it in an hour or two, so I have disclosed this vulnerability publicly to warn the users about it, because they are in danger and the owner seems unwilling to fix it.
sr. member (Activity: 910, Merit: 351):
Have you notified Bountyportal about this? Or post on their ANN thread directly? I think that way they can respond more quickly because I doubt Bountyportal guys lurk in this board 24/7.

Hopefully, no one uses this 'bug' to steal somebody's work.
legendary (Activity: 3024, Merit: 2148):
Bountyportals (https://app.bountyportals.com/) is a popular platform for bounty hunters, and unfortunately it has pretty bad security. 10 days ago I discovered a Cross-site Request Forgery vulnerability on this site and immediately contacted the owner (irfan_pak10). He told me that his developer will check it, but the vulnerability is still there today, even though it's very easy to fix.

1. POC

Log into your bountyportals account (create one if necessary), then visit my demo site from the same browser in a different tab: https://codepen.io/learningtocodein2018/pen/LaMMXB

This will change your ETH address into "hacked" on your profile page.

2. Impact

Attackers can easily replace a user's account details with their own if the user visits the attacker's site while logged into their bountyportals account. Probably the worst thing attackers can do is replace the victim's ETH and BTC addresses with their own, thus stealing money on future payouts.

3. Mitigation

I'm making this report in order to help people protect their accounts, so here's a list of tips:

  • log into bountyportals only with a secondary browser or in incognito mode
  • always manually log out when you are done
  • install the NoScript add-on for your browser
  • always verify that the address in your profile is still yours
  • don't visit shady sites, don't click on suspicious links