User agent spoofing in email notification – Bug Bounty POC
user agent Spoofing Vulnerability
Hello Bug Bounty Poc Viewers, This is Behroz and today i will share one of my old finding on itbit that how i found User agent spoofing in email notification,The impact of this vulnerability was any one can send his malware link in notification email to user just by one unsuccessful login attempt.
While testing itbit i found that Itbit sent failed login notification to user upon every unsucessful login attempt containing the user-agent,ip of user ( who is trying to login) and time of login attempt.so i did an unsucccesful login and intercept the request using proxy tool ( burp suite) and find out that the user-agent was changable.now i just change the user-agent in strings and forward the request :
POST /login HTTP/1.1
User-Agent: for more: evil.com Firefox/41.0
Accept-Encoding: gzip, deflate, br
Cookie: _ga=GA1.2.560433933.1459265794; _ga=GA1.3.416dffa8-540a-4179-8dff-a24e0e6873a9; mp_58b450bf11a452b210eaead39606f34f_mixpanel=%7B%22distinct_id%22%3A%20%22416dffa8-540a-4179-8dff-a24e0e6873a9%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fexchange.itbit.com%2Flogin%22%2C%22%24initial_referring_domain%22%3A%20%22exchange.itbit.com%22%7D; _gat=1; itBit.b=s%3Aad4d4954-d840-4770-8a48-e04a42e1e7ae.w3Ch7tZ%2FOdKQqd5AezHUthl0fQzOOOgnMKlbo7qIlTo; itBit.c=1XqktRAY2B0jsHjEL0b7Df4X; itBit.s=s%3A92c83bbb-dd9f-46a9-a3e8-aae06faae173.%2Bxv8uihkz8MLB2QtADvfpLSS8zr0L1NjLV9Qx%2BFqgIk
after forwarding request i check my email and i got the motified user-agent in mail which i change there 😀
i was like :
User agent spoofing in email notification Bounty :
not satisfy with bounty for this bug.