Skip to main content

Google Blogger- Insecure Implementation of Request Limiter | Google Honourable Mentions | Rishu Ranjan







The security issue allows a malicious actor to bypass the naive security implementation of rate limiters. This allows an attacker to abuse the functionality of profile view count and increases them indefinitely. The following are the steps to reproduce wherein I have used my own blogger account (https://www.blogger.com/profile/09844396241453600561)





Acknowledgment: Google Honourable Mentions (https://bughunter.withgoogle.com/rank/hm/9)

Steps to reproduce:

Implementation of Request Limiters

  1. Open blogger profile(above mentioned URL) and note the profile view count as shown in Exhibit-1.

Exhibit-1

  2. Capture the request in a proxy server such as Burp suite.
  3. Send the captured request to Burp intruder as shown in Exhibit-2 and set the payload(null) to 1000 which will send 1000 requests to the server (Exhibit-3).

Exhibit-2

Exhibit-3

 4. As shown by Exhibit-4 the naive security implementation blocks the automation attack after 300 requests, by implementing the Google CAPTCHA to redirect the request to the CAPTCHA request.

Exhibit-4

Bypassing Implemented Request Limiters

  5. To bypass the security implementation, send the blocks of requests PARALLELY to the server with each block containing 299 requests as shown in Exhibit-5.

Exhibit-5


  6. As shown by Exhibit-6 the naive security implementation is bypassed and the profile count is increased accordingly.

Exhibit-6


Attack Scenario:

Blogger user can increase the Profile view count for any user for his benefit or hamper any other user reputation. All blogger users profile URL is assessed and iterated without any login.

Popular posts from this blog

Start from 0 to Zero Day in cyber security world | Cyber Security Common Terms | Introduction

"Today I have read Hacker attacked the cyber security world with new attack. Who is Hacker? What is cyber security?" These type of news is very common now-a-day and same question comes to your mind. So this article is for newbie like you or person who want to know cyber security from scratch and related words or terms used. (This list will be updated regularly)