Summary

  • A cybersecurity expert has explained how they were able to gain full control of an account on a banking application using a chain of three bugs.
  • The expert found a blind SQL injection, meaning the bug did not reveal sensitive information about the server but could still be exploited.
  • After further investigation, the expert found an endpoint vulnerability, and discovered that optical character recognition could be used to extract sensitive information.
  • The expert then managed to use a cross-site scripting vulnerability to retrieve a user’s cookies, which would grant them full control of the user’s account.
  • The expert claims that “Silence is golden… but in bug bounty, silence just means your XSS payload hasn’t exploded yet.”
  • The full account takeover was possible because each bug, and the ways it could be exploited, was not properly understood. Chaining the three bugs effectively therefore led to full control of the account.

By Iski

Original Article