How to Identify Some of the Easiest P4 Bugs 🐞✨

Aman Bhuiyan
3 min read · Dec 2, 2024


Exif Geo Location

  1. Visit example.com
  2. Go to the Upload option on the website (profile picture, attachment, gallery, etc.)
  3. Upload an image that carries EXIF metadata, including GPS coordinates.
  4. Right-click the uploaded image as the site now serves it and download it.
  5. Visit https://jimpl.com
  6. Upload the downloaded image and check whether the GPS coordinates, device model, or other metadata survived the upload. If they did, the site stores and serves user uploads without stripping EXIF, and every uploader's location is exposed to anyone who can fetch the file.
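To make the check scriptable, here is an added example (mine, not the post author's): a pure-Python walk of the JPEG marker segments that finds the APP1/EXIF block, follows IFD0 to the GPS sub-IFD, converts the degree/minute/second RATIONALs to signed decimal degrees, and a strip_exif function showing the server-side fix. The tiny JPEG it builds is constructed for the example (it has no image data), and the coordinates, file and function names are assumptions; the parser covers only the EXIF structure GPS needs, not the whole TIFF tag set.

```python
import struct

EXIF_PREFIX = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825                      # IFD0 entry pointing at the GPS sub-IFD
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed sample: SOI + APP1/EXIF + EOI, no picture data. The EXIF block
    holds only a GPS IFD so the parser below has real bytes to work on offline."""
    def entry(tag, typ, count, value4):   # one 12-byte IFD entry (value or offset inline)
        return struct.pack(">HHI", tag, typ, count) + value4

    ifd0_off = 8                          # right after the 8-byte TIFF header
    gps_off = ifd0_off + 2 + 12 + 4       # IFD0: count + 1 entry + next-IFD pointer
    lat_off = gps_off + 2 + 4 * 12 + 4    # GPS IFD: count + 4 entries + next-IFD pointer
    lon_off = lat_off + 3 * 8             # three 8-byte RATIONALs per coordinate
    ifd0 = struct.pack(">H", 1) + entry(TAG_GPS_IFD, TYPE_LONG, 1, struct.pack(">I", gps_off)) + b"\0" * 4
    gps = struct.pack(">H", 4)
    gps += entry(0x0001, TYPE_ASCII, 2, lat_ref.encode().ljust(4, b"\0"))   # GPSLatitudeRef
    gps += entry(0x0002, TYPE_RATIONAL, 3, struct.pack(">I", lat_off))       # GPSLatitude
    gps += entry(0x0003, TYPE_ASCII, 2, lon_ref.encode().ljust(4, b"\0"))   # GPSLongitudeRef
    gps += entry(0x0004, TYPE_RATIONAL, 3, struct.pack(">I", lon_off))       # GPSLongitude
    gps += b"\0" * 4
    tiff = b"MM\0\x2a" + struct.pack(">I", ifd0_off) + ifd0 + gps
    tiff += b"".join(struct.pack(">II", n, d) for n, d in lat_dms + lon_dms)
    payload = EXIF_PREFIX + tiff
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


def iter_segments(jpeg):
    """Yield (marker, start, length) for each segment up to SOS/EOI. Length-less
    markers (RSTn, TEM) do not occur before the scan, so each one here has a length."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    i = 2
    while i + 2 <= len(jpeg):
        if jpeg[i] != 0xFF:
            raise ValueError("expected marker at offset %d" % i)
        marker = jpeg[i + 1]
        if marker in (0xD9, 0xDA):        # EOI / SOS: the rest is scan data, keep as one chunk
            yield marker, i, len(jpeg) - i
            return
        seglen = struct.unpack(">H", jpeg[i + 2:i + 4])[0]
        yield marker, i, 2 + seglen
        i += 2 + seglen


def _is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_PREFIX


def _ifd(tiff, off, end):
    """Parse one IFD into {tag: (type, count, raw 4-byte value-or-offset)}."""
    n = struct.unpack(end + "H", tiff[off:off + 2])[0]
    entries = {}
    for k in range(n):
        e = off + 2 + 12 * k
        tag, typ, count = struct.unpack(end + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries


def _coordinate(tiff, end, typ, count, raw, ref_raw):
    """Three RATIONALs (deg, min, sec) plus an N/S/E/W ref -> signed decimal degrees."""
    if typ != TYPE_RATIONAL or count != 3:
        raise ValueError("unexpected GPS coordinate encoding")
    off = struct.unpack(end + "I", raw)[0]
    d, m, s = (n / den for n, den in struct.iter_unpack(end + "II", tiff[off:off + 24]))
    value = d + m / 60 + s / 3600
    return -value if ref_raw[:1] in (b"S", b"W") else value


def gps_coordinates(jpeg):
    """(latitude, longitude) in decimal degrees if the JPEG carries EXIF GPS, else None."""
    tiff = next((jpeg[s + 10:s + n] for m, s, n in iter_segments(jpeg) if _is_exif(jpeg, m, s)), None)
    if tiff is None:
        return None
    end = ">" if tiff[:2] == b"MM" else "<"   # byte order is declared by the TIFF header
    ifd0 = _ifd(tiff, struct.unpack(end + "I", tiff[4:8])[0], end)
    if TAG_GPS_IFD not in ifd0:
        return None
    gps = _ifd(tiff, struct.unpack(end + "I", ifd0[TAG_GPS_IFD][2])[0], end)
    if not all(t in gps for t in (1, 2, 3, 4)):
        return None
    return (_coordinate(tiff, end, *gps[2], gps[1][2]),
            _coordinate(tiff, end, *gps[4], gps[3][2]))


def strip_exif(jpeg):
    """The fix: drop the APP1/EXIF segment before the upload is stored or served."""
    out = bytearray(jpeg[:2])
    for marker, start, length in iter_segments(jpeg):
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:start + length]
    return bytes(out)


# Constructed sample upload tagged 37°46'29.4"N 122°25'09.8"W (assumed coordinates).
SAMPLE_UPLOAD = build_sample_jpeg(((37, 1), (46, 1), (294, 10)), "N",
                                  ((122, 1), (25, 1), (98, 10)), "W")
```

gps_coordinates(SAMPLE_UPLOAD) returns the location; gps_coordinates(strip_exif(SAMPLE_UPLOAD)) returns None. On a real upload pipeline, run the strip before the file is written to storage, not only on the download path, so backups and CDN copies never hold the original.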

Broken authentication — Failure to invalidate session on logout

  1. Go to example.com and log in.
  2. Open the same account in two tabs of the same browser (Browser A).
  3. Before logging out, capture a request from the second tab (Tab B) in Burp so you hold a copy of the session cookie. Then click Logout in the first tab (Tab A).
  4. Once the logout completes, go to Tab B, update some data and save it. If the page itself refuses because the cookie was cleared client-side, replay the captured request in Burp Repeater with the old cookie value.
  5. Refresh the page.
  6. If the data was updated, the server only cleared the cookie in the browser and never invalidated the session it represents, so a stolen cookie keeps working after the victim logs out.

No rate limit on reports for other user comments

  1. Visit the page https://example.com/blog/page4/report-comment?comment_id=33
  2. Report the comment and capture the request in Burp Suite.
  3. Send the request to Burp Intruder (a null payload set is enough to repeat it) and start the attack.
  4. After a few minutes the comment is removed: the site counted every duplicate report from the same account, so one user reached the moderation threshold alone and can take down any comment at will.
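An added example (not from the original post) of what the missing control looks like on the server. VulnerableModeration behaves like the endpoint above, hiding a comment once any ten requests have reported it; CommentModeration with ReportLimiter counts one report per account per comment and caps reports per account in a sliding window. The class and field names, thresholds and replayed ids are assumptions made for the example; the clock is injected so the window can be exercised without sleeping.

```python
import time
from collections import defaultdict, deque


class VulnerableModeration:
    """What the write-up above found: every request counts, no dedupe, no limit."""

    def __init__(self, hide_threshold=10):
        self.hide_threshold = hide_threshold
        self.counts = defaultdict(int)
        self.hidden = set()

    def report(self, reporter_id, comment_id):
        self.counts[comment_id] += 1
        if self.counts[comment_id] >= self.hide_threshold:
            self.hidden.add(comment_id)
        return "accepted"


class ReportLimiter:
    """Two server-side controls the vulnerable endpoint lacks:
    1. one report per (reporter, comment), so the same account cannot stack reports;
    2. a sliding-window cap on reports per reporter, so a script cannot mass-report."""

    def __init__(self, max_per_window=5, window_seconds=3600, clock=time.monotonic):
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.clock = clock                     # injectable for tests
        self._seen = set()                     # {(reporter_id, comment_id)}
        self._recent = defaultdict(deque)      # reporter_id -> timestamps inside the window

    def check(self, reporter_id, comment_id):
        """Return (allowed, reason) without recording anything."""
        if (reporter_id, comment_id) in self._seen:
            return False, "duplicate"
        now = self.clock()
        q = self._recent[reporter_id]
        while q and now - q[0] >= self.window:   # expire timestamps that left the window
            q.popleft()
        if len(q) >= self.max_per_window:
            return False, "rate_limited"
        return True, "ok"

    def record(self, reporter_id, comment_id):
        self._seen.add((reporter_id, comment_id))
        self._recent[reporter_id].append(self.clock())


class CommentModeration:
    """Auto-hides a comment once enough distinct accounts have reported it."""

    def __init__(self, limiter, hide_threshold=10):
        self.limiter = limiter
        self.hide_threshold = hide_threshold
        self.reporters = defaultdict(set)      # comment_id -> {reporter_id}
        self.hidden = set()

    def report(self, reporter_id, comment_id):
        """Handler for report-comment?comment_id=...; returns the outcome string."""
        allowed, reason = self.limiter.check(reporter_id, comment_id)
        if not allowed:
            return reason                      # map to HTTP 409 / 429 in a real app
        self.limiter.record(reporter_id, comment_id)
        self.reporters[comment_id].add(reporter_id)
        if len(self.reporters[comment_id]) >= self.hide_threshold:
            self.hidden.add(comment_id)
        return "accepted"


def replay_like_intruder(moderation, reporter_id, comment_id, attempts):
    """Re-send one captured report request `attempts` times, as Burp Intruder would."""
    return [moderation.report(reporter_id, comment_id) for _ in range(attempts)]
```

Against VulnerableModeration a single replayed request hides the comment after ten attempts; against CommentModeration the same replay yields one "accepted" and then "duplicate", and only distinct accounts move the comment towards the threshold. The rate limit is keyed on the authenticated reporter, not the IP, since the attacker here is a logged-in user.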

Email Verification Bypass

  1. Unprotected account activation URLs: example.com/verify?user_id=1234 (activation is keyed on the user id, so anyone can activate any account)
  2. Predictable verification tokens: example.com/verify?token=abcd1234 (short, sequential, or derived from the user id or a timestamp)
  3. Bypassing verification status checks: the client sends or receives "is_verified": false and the server trusts an edited copy
  4. Direct access to the verified user area: /dashboard or /profile load for an unverified account because the check is only a redirect on the login flow
  5. Verification email hijacking: the verification mail goes to an attacker-controlled address supplied at signup or through a later email change

Content Spoofing / Text Injection / External Authentication Injection

  1. Go to example.com and find a page that reflects a query parameter into its visible text, e.g. https://example.com/wp-login.php?error=access_denied
  2. Change the parameter value to text of your own, e.g. https://example.com/wp-login.php?error=you%20are%20hacked (URL-encode the spaces)
  3. Press Enter. If the message is rendered inside the page's own error banner, an attacker can craft links that show arbitrary text under the site's branding. No HTML or script is needed, which is what separates this from XSS and keeps it at P4.

Failure to invalidate session — On the password reset/change

  1. Create an account on https://site.com
  2. Log in with the same credentials in two browsers.
  3. Open the profile/settings page in both.
  4. Go to Change password and change the password in Browser 1.
  5. Switch to Browser 2, edit some profile data (name, contact number, profile picture) and click Save.
  6. Refresh the page: if the data was saved, the session in Browser 2 survived the password change, so a stolen session stays usable even after the victim rotates their password.

Delete Account Without Password

  1. Visit the website and log in to your account.
  2. Go to the profile/settings section.
  3. A Delete account button is displayed.
  4. Click it. If the account is deleted without asking for the password (or any other re-authentication), anyone holding a hijacked session, or sitting at an unlocked browser, can destroy the account.
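An added example (mine, not the author's) that fixes the three session findings above in one small auth service: logout removes the session on the server, a password change revokes every other session for the user, and account deletion requires the password again rather than only a live session. Class, method and user names are assumptions for the example; passwords are stored as salted PBKDF2 hashes and session ids come from the secrets module.

```python
import hashlib
import hmac
import os
import secrets


class AuthService:
    """Server-side session handling: logout invalidates the session on the server,
    a password change revokes every other session, deletion re-authenticates."""

    PBKDF2_ROUNDS = 100_000

    def __init__(self):
        self._users = {}       # username -> (salt, pbkdf2 hash)
        self._sessions = {}    # session id -> username

    @classmethod
    def _hash(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.PBKDF2_ROUNDS)

    def _set_password(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def register(self, username, password):
        self._set_password(username, password)

    def verify_password(self, username, password):
        rec = self._users.get(username)
        return rec is not None and hmac.compare_digest(rec[1], self._hash(password, rec[0]))

    def login(self, username, password):
        """Return a fresh, unguessable session id, or None on bad credentials."""
        if not self.verify_password(username, password):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def current_user(self, sid):
        return self._sessions.get(sid)

    def logout(self, sid):
        # Finding 1: the session dies here, not just as a cookie in one tab,
        # so a replayed copy of the old cookie is rejected.
        self._sessions.pop(sid, None)

    def _revoke_all(self, username, keep=None):
        for sid in [s for s, u in self._sessions.items() if u == username and s != keep]:
            del self._sessions[sid]

    def update_profile(self, sid, profile, field, value):
        """Return the updated profile, or None when the session is not valid."""
        if self.current_user(sid) is None:
            return None
        profile[field] = value
        return profile

    def change_password(self, sid, old_password, new_password):
        user = self.current_user(sid)
        if user is None or not self.verify_password(user, old_password):
            return False
        self._set_password(user, new_password)
        self._revoke_all(user, keep=sid)   # Finding 2: every other browser is logged out
        return True

    def delete_account(self, sid, password):
        user = self.current_user(sid)
        # Finding 3: a live session alone is not enough; ask for the password again.
        if user is None or not self.verify_password(user, password):
            return False
        del self._users[user]
        self._revoke_all(user)
        return True
```

The session table lives on the server, which is the precondition for all three fixes: a stateless signed cookie cannot be revoked without a server-side denylist or a per-user session generation number that the password change bumps.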

SPF and DMARC Record

For SPF

For DMARC

  • Visit https://mxtoolbox.com
  • Enter the domain name (target.com) in the DMARC lookup and hit Go
  • If the result is "No DMARC Record found", receiving mail servers have no policy telling them to quarantine or reject mail that fails SPF/DKIM alignment, so the domain can be spoofed in phishing mail
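What to do with the record once you have it, as an added example that is not part of the original post: audit_spf and audit_dmarc parse the TXT strings and flag the weak settings a triager looks for (+all, ?all, ~all without an enforcing DMARC, p=none, pct under 100, sp=none, a missing rua, more than ten DNS-querying terms). The three sample records are constructed, not looked up from any real domain, and the function names are assumptions.

```python
SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def audit_spf(txt):
    """Findings for an SPF TXT record (empty list = acceptable). None means no record."""
    findings = []
    if txt is None:
        return ["no SPF record: any host can send mail as this domain"]
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    mechanisms = [t for t in terms[1:] if "=" not in t]    # modifiers (redirect=, exp=) excluded
    last = mechanisms[-1].lower() if mechanisms else ""
    if last in ("+all", "all"):
        findings.append("'+all': every sender passes, the record is useless")
    elif last == "?all":
        findings.append("'?all': neutral, a spoofed sender is never failed")
    elif last == "~all":
        findings.append("'~all': softfail only; needs DMARC p=quarantine/reject to have any effect")
    elif last != "-all" and not any(t.lower().startswith("redirect=") for t in terms):
        findings.append("no terminating 'all' mechanism")
    lookups = sum(1 for t in mechanisms
                  if t.lstrip("+-~?").split(":")[0].split("/")[0].lower() in SPF_LOOKUP_MECHANISMS)
    lookups += sum(1 for t in terms if t.lower().startswith("redirect="))
    if lookups > 10:
        findings.append("more than 10 DNS-querying terms: receivers return permerror")
    return findings


def audit_dmarc(txt):
    """Findings for a _dmarc.<domain> TXT record (empty list = acceptable)."""
    findings = []
    if txt is None:
        return ["no DMARC record: receivers have no policy for SPF/DKIM failures"]
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports are received")
    return findings


# Constructed TXT records standing in for DNS answers; nothing here was looked up.
SAMPLE_RECORDS = {
    "good.example": ("v=spf1 include:_spf.mail.example -all",
                     "v=DMARC1; p=reject; rua=mailto:dmarc@good.example"),
    "weak.example": ("v=spf1 a mx ip4:203.0.113.0/24 ~all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "open.example": ("v=spf1 +all", None),
}


def audit_domain(domain, records=SAMPLE_RECORDS):
    """Combine both checks; a domain missing from `records` is treated as having no records."""
    spf, dmarc = records.get(domain, (None, None))
    return {"spf": audit_spf(spf), "dmarc": audit_dmarc(dmarc)}
```

To audit a live domain, replace the dictionary with the answers from `dig +short TXT target.com` and `dig +short TXT _dmarc.target.com` (drop the surrounding quotes); an empty answer maps to None. The ~all finding matters only when the DMARC side is also weak, which is why both records are reported together.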

Broken Link Hijacking

  1. Open https://www.website.com
  2. Click the social media icons (Twitter / Facebook / Instagram, etc.) in the header or footer.
  3. If the linked account no longer exists (or was never created), the platform returns PAGE NOT FOUND or ACCOUNT NOT FOUND.
  4. An attacker can then register that handle and impersonate the company through the site's own link.

Clickjacking

  1. Open site.com and go to the profile/account/settings page.
  2. Copy the page URL, paste it into the iframe src of a clickjacking proof-of-concept HTML file, and save the file.
  3. Open the file in your browser. If the page loads inside the attacker-controlled iframe, site.com is vulnerable to clickjacking: it sends neither X-Frame-Options nor a CSP frame-ancestors directive.
  4. The attacker can overlay the iframe with decoy content and trick the victim into performing a sensitive action. Report it only for pages where such an action exists; a framable page with nothing to click is usually out of scope.

Reset token is not invalidated after use

  1. Open https://site.com
  2. Go to the Forgot password page.
  3. Enter your email address and you will receive a reset link.
  4. Change the password several times using the same reset link (also try it after changing the password through settings).
  5. If the password changes every time, the reset token is never consumed, so anyone who later obtains the link (mail forwarding, a shared inbox, a leaked Referer) can take over the account.
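An added example (mine, not the author's) that closes this finding together with the email verification bypasses listed earlier: SingleUseTokens issues 256-bit random tokens, stores only their hash, expires them, and deletes the record on redemption, so a reset link works exactly once; Accounts uses it so that the verification link carries no user id, the verified flag is set only on the server, the dashboard checks that flag, and a verification token cannot be used to reset a password or vice versa. Names, URLs and the 15-minute lifetime are assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets
import time
from urllib.parse import parse_qs, urlparse


class SingleUseTokens:
    """Single-use, expiring tokens for e-mail verification and password reset.
    Only a hash is stored, so a leaked table does not hand out live tokens;
    redeeming removes the record, so a reset link cannot work a second time."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock        # injectable for tests
        self._pending = {}        # sha256(token) -> (purpose, user_id, expires_at)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, purpose, user_id):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, unrelated to user_id or time
        # A newer token for the same purpose and user supersedes the older one.
        self._pending = {k: v for k, v in self._pending.items() if v[:2] != (purpose, user_id)}
        self._pending[self._key(token)] = (purpose, user_id, self.clock() + self.ttl)
        return token

    def redeem(self, purpose, token):
        """Return the user id if the token is live and was issued for `purpose`, else None.
        The record is removed on any attempt, so a wrong-purpose or expired token is burned too."""
        rec = self._pending.pop(self._key(token), None)
        if rec is None:
            return None
        rec_purpose, user_id, expires_at = rec
        if rec_purpose != purpose or self.clock() > expires_at:
            return None
        return user_id


class Accounts:
    """Registration, verification and reset built on the token store above."""

    def __init__(self, tokens, base_url="https://example.com"):
        self.tokens = tokens
        self.base_url = base_url
        self.users = {}   # user_id -> {"email", "verified", "salt", "hash"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _set_password(self, user_id, password):
        salt = os.urandom(16)
        self.users[user_id].update(salt=salt, hash=self._hash(password, salt))

    def check_password(self, user_id, password):
        u = self.users.get(user_id)
        return u is not None and hmac.compare_digest(u["hash"], self._hash(password, u["salt"]))

    def signup(self, user_id, email, password):
        self.users[user_id] = {"email": email, "verified": False}
        self._set_password(user_id, password)
        # The link carries the random token only: no user_id to enumerate or guess.
        return f"{self.base_url}/verify?token={self.tokens.issue('verify', user_id)}"

    def verify_email(self, token):
        user_id = self.tokens.redeem("verify", token)
        if user_id is None:
            return False
        self.users[user_id]["verified"] = True   # flipped here only, never from client-supplied JSON
        return True

    def dashboard(self, user_id):
        """HTTP status for the verified-only area; the gate is the server-side flag."""
        u = self.users.get(user_id)
        return 200 if u and u["verified"] else 403

    def request_reset(self, user_id):
        if user_id not in self.users:
            return None   # a real endpoint should respond identically either way
        return f"{self.base_url}/reset?token={self.tokens.issue('reset', user_id)}"

    def reset_password(self, token, new_password):
        user_id = self.tokens.redeem("reset", token)
        if user_id is None:
            return False
        self._set_password(user_id, new_password)
        return True


def token_from_link(url):
    """Pull the token query parameter out of a verification or reset link."""
    return parse_qs(urlparse(url).query)["token"][0]
```

A successful reset should additionally revoke the user's existing sessions; that belongs in the session store rather than here. Both links are built with an https base URL, which is the other half of the "link is on HTTP" findings later in the post.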

HTTP by default

  1. Open http://site.com and note whether the server redirects you to https://site.com
  2. Copy the URL and open a new tab.
  3. Paste the URL and change the scheme to https.
  4. If the site keeps serving pages over http without redirecting to https (or https does not load at all), it is vulnerable: credentials and session cookies travel in cleartext on the first visit and on every typed URL.

Improper Cache-Control

  1. Open https://example.com in your browser.
  2. Log in with your credentials.
  3. Open a sensitive page (account/settings/profile).
  4. Click Sign out.
  5. Press the browser's Back button.
  6. If the user's sensitive information is shown, the page was served without Cache-Control: no-store, so the browser (or a shared proxy) kept a copy that outlives the logout.
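An added example (not from the original post) that turns the clickjacking, HTTP-by-default and cache-control checks above into one header audit on a captured response: framing_allowed models how a browser decides whether a third-party origin may iframe the page (CSP frame-ancestors first, then X-Frame-Options), http_redirects_to_https checks the plain-HTTP response, and audit_sensitive_page also requires HSTS of at least a year and Cache-Control: no-store on authenticated pages. The two header sets are constructed for the example, and the function names and the attacker origin are assumptions.

```python
def _header(headers, name):
    """Case-insensitive lookup over (name, value) pairs; the last occurrence wins."""
    values = [v for k, v in headers if k.lower() == name.lower()]
    return values[-1] if values else None


def csp_frame_ancestors(csp):
    """Source list of the frame-ancestors directive, lower-cased, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_allowed(headers, page_origin, framer_origin):
    """Would a browser let `framer_origin` put this response in an iframe?
    A CSP frame-ancestors directive takes precedence; otherwise X-Frame-Options
    applies; with neither, any site may frame the page. Only exact origins and
    the 'self' / 'none' / * keywords are modelled, not scheme or wildcard sources."""
    csp = _header(headers, "Content-Security-Policy")
    sources = csp_frame_ancestors(csp) if csp else None
    if sources is not None:
        if "'none'" in sources:
            return False
        if "*" in sources:
            return True
        if "'self'" in sources and framer_origin == page_origin:
            return True
        return framer_origin.lower() in sources
    xfo = (_header(headers, "X-Frame-Options") or "").strip().lower()
    if xfo == "deny":
        return False
    if xfo == "sameorigin":
        return framer_origin == page_origin
    return True   # missing, malformed, or the obsolete ALLOW-FROM: current browsers do not block


def http_redirects_to_https(status, headers):
    """True when a plain-HTTP response bounces the client to an https:// URL."""
    location = (_header(headers, "Location") or "").strip().lower()
    return status in (301, 302, 303, 307, 308) and location.startswith("https://")


def audit_sensitive_page(headers, page_origin, attacker_origin="https://attacker.example"):
    """Findings for a response that renders authenticated data; empty = all controls present."""
    findings = []
    if framing_allowed(headers, page_origin, attacker_origin):
        findings.append("clickjacking: a third-party origin can frame this page")
    hsts = _header(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append("no HSTS: typed http:// URLs and first visits are not upgraded")
    else:
        ages = [d.strip()[len("max-age="):] for d in hsts.split(";")
                if d.strip().lower().startswith("max-age=")]
        if not ages or not ages[0].isdigit() or int(ages[0]) < 31536000:
            findings.append("HSTS max-age below one year")
    cache = _header(headers, "Cache-Control") or ""
    directives = {d.strip().lower() for d in cache.split(",")}
    if "no-store" not in directives:
        findings.append("cacheable: page survives logout via the Back button or a shared cache")
    return findings


# Constructed header sets for a logged-in /settings page; not captured from any real site.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "private, max-age=600"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Frame-Options", "DENY"),   # kept for browsers without CSP Level 2 support
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Cache-Control", "no-store"),
]
```

Paste the headers from Burp's response pane into the list of (name, value) pairs. When both headers are present, frame-ancestors wins, so a page with X-Frame-Options: DENY but a permissive frame-ancestors list is still framable by the listed origins; the function reflects that.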

Weak Registration Implementation

  1. Open example.com/signup in the browser and register an account.
  2. An account verification link is sent.
  3. Go to your email inbox and open the email.
  4. Right-click the link and copy it.
  5. Paste the link into Notepad or the browser and check whether it starts with http://
  6. Press Enter and check whether the account is activated. If it is, the activation token was sent in a plaintext URL that any on-path device can read and replay.

Weak Password Reset Implementation

  1. Go to the Forgot password page.
  2. Enter the registered email.
  3. Go to the email inbox.
  4. Right-click the reset link and copy it.
  5. Paste the link into the browser.
  6. Check whether the link is on http://. If it is, the reset token crosses the network in cleartext, and the new password may be submitted over HTTP as well.

#HappyHacking

Written by Aman Bhuiyan

“I hold a beast, an angel and a madman within me.” — Dylan Thomas
