InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…


Logical Flaw Resulting in Path Hijacking

Hello, amazing people! I hope you are doing well. I am back with my new write-up. In this write-up, I will explain a logical flaw that I found on one target resulting in the hijacking of the path. So let me explain it in short.

While testing on redacted.com, I found that it was not checking and verifying username eligibility properly. Someone could sign up using any existing pathname and take over the path, resulting in the overwrite of the path when visited.

How Did I Find It?

I signed up with the username “index.php,” then visited my profile and noticed that upon visiting redacted.com/index.php, my profile was popping up. Then I quickly notified them with my index.php username account as a PoC. The next day, they approved and acknowledged me.

What is the Impact?

The impact of this bug can be pretty high: bad actors can simply sign up using usernames such as signup.php, signin.php, and many similar usernames, and take over those paths, which might cause a big issue for the organization by making those sign-up and sign-in pages unavailable.
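
One way to close this gap at signup, shown as an added example that is not code from this write-up or from the affected site: reject usernames that are not plain identifiers or that match a path the application already serves, and audit existing accounts for the same collision. The route list, the username policy and all function names are assumptions made for illustration.

```python
import re
import unicodedata

# Assumed (constructed) route table of the application; in a real app,
# build this from the router or the document root listing.
APP_ROUTES = ["/index.php", "/signup.php", "/signin.php", "/admin/", "/static/app.js"]

# Assumed policy: 3-30 chars, lowercase letters, digits, '_' and '-', no dots or slashes.
USERNAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9_-]{1,28}[a-z0-9])")


def reserved_names(routes):
    """First path segment of every route, with and without its extension."""
    names = set()
    for route in routes:
        segment = route.strip("/").split("/")[0].casefold()
        if segment:
            names.add(segment)
            names.add(segment.rsplit(".", 1)[0])
    return names


def normalize(username):
    """Fold case and Unicode compatibility forms so 'INDEX.PHP' == 'index.php'."""
    return unicodedata.normalize("NFKC", username).strip().casefold()


def check_username(username, routes=APP_ROUTES):
    """Return (ok, reason). Rejects names that could resolve to an app path."""
    name = normalize(username)
    if not USERNAME_RE.fullmatch(name):
        return False, "invalid characters or length"
    if name in reserved_names(routes):
        return False, "reserved path name"
    return True, "ok"


def colliding_accounts(usernames, routes=APP_ROUTES):
    """Audit existing accounts: which ones shadow an application path?"""
    reserved = reserved_names(routes)
    return sorted(u for u in usernames if normalize(u) in reserved)
```

Serving profiles under a dedicated prefix (for example `/u/<username>`, a hypothetical layout) removes the collision at the routing layer, so the reserved-name check becomes a second line of defence.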

Take-Aways:

Try to sign up using general path names such as index.php, signup.php, signin.php, and check if visiting those paths shows your profile. If it does, it may be vulnerable.

You can find me here if you wish to connect with me.

Goodbye till the next write-up. May luck favor you. Keep hacking. Stay safe!!
