Flawed account creation process allows registration of usernames corresponding to existing file names

Hackerone #477
Target: Hackerone
Target Module:
Type: Best Practice/XSS
Payload:
Original: Link
CVE:
Archive Screenshot

With the normalization of RESTful APIs, user-provided information can collide with directories and files that are already in place. This can cause something as simple as routing issues, but may also lead to the loss of a service. The same type of attack should also be checked for subdomains. Certain online services (Slack, Shopify, etc.) provide accounts via http://username.example.com. Existing subdomains may also be vulnerable to collision attacks.


How To Perform

  1. Observe and note the URL directories/files that are being used by the web application (/robots.txt, /api, /view).
  2. Create accounts that will cause a collision.
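
On the defending side, the same inventory of paths and subdomains can be turned into a reserved-name check at registration. The following is an added example, not code from the report or from HackerOne; the path and subdomain lists are constructed samples, and reserving the extension-less stem (so "robots" cannot shadow "robots.txt") assumes a router that strips or negotiates format extensions.

```python
import unicodedata

# Constructed sample inventory (assumptions, not taken from the report):
# paths the application already serves and subdomains already in DNS.
EXISTING_PATHS = ["/robots.txt", "/api", "/api/v1/users", "/view", "/favicon.ico"]
EXISTING_SUBDOMAINS = ["www", "api", "mail", "support"]


def normalize(name: str) -> str:
    """Fold a name the way a case-insensitive router or DNS would compare it."""
    return unicodedata.normalize("NFKC", name).strip().casefold()


def build_reserved(paths, subdomains):
    """Reserve the first segment of every path, plus every existing subdomain."""
    reserved = set()
    for path in paths:
        segment = path.strip("/").split("/", 1)[0]
        if segment:
            reserved.add(normalize(segment))
            # Assumption: the router may strip format extensions, so the
            # stem ("robots" for "robots.txt") is reserved as well.
            reserved.add(normalize(segment.split(".", 1)[0]))
    reserved.update(normalize(s) for s in subdomains)
    return reserved


def check_username(username, reserved):
    """Return (allowed, reason) for a requested username."""
    candidate = normalize(username)
    if not candidate:
        return False, "empty"
    if "/" in candidate or candidate in (".", ".."):
        return False, "path characters"
    if candidate in reserved:
        return False, "collides with existing path or subdomain"
    if candidate.split(".", 1)[0] in reserved:
        return False, "collides after extension stripping"
    return True, "ok"


RESERVED = build_reserved(EXISTING_PATHS, EXISTING_SUBDOMAINS)

if __name__ == "__main__":
    for name in ["alice", "robots.txt", "API", "View", "api.json", "ｒｏｂｏｔｓ"]:
        print(name, check_username(name, RESERVED))
```

In a real deployment the reserved set would be generated from the application's route table, static file directory and DNS zone rather than a hand-written list, and re-checked whenever a new route or subdomain is added.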