I have discovered a Cross Site Request Forgery (CSRF) vulnerability in the top online SMS-sending service websites 160By2.com and Way2SMS.com. Let me start with the security flaw in 160By2 because it is the critical one.
CSRF in 160By2:
The vulnerability allows an attacker to send SMS from the victim's account to any mobile number. I discovered this flaw while I was sending New Year wishes to my friends.
The vulnerability resides in the "SMS alerts" page, which allows a user to schedule SMS messages. Unfortunately, this page does not verify, by means of a CSRF token, whether the request actually originated from the user.
So it is easy for an attacker to lure the victim into clicking a crafted link that sends the malicious request to the server.
An attacker can modify the request so that it sends an SMS to anyone at any time.
Solution:
When this request is submitted, include and verify the "action" value that you already use in the main SMS sending page.
CSRF in Way2SMS:
This vulnerability only allows an attacker to change the victim's name with a crafted request.
Solution:
When this request is submitted, include and verify the "action" value that you already use in the main SMS sending page.
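One way to implement the fix described in both solutions above, as an added example that is not 160By2's or Way2SMS's code: the unprotected schedule-SMS handler beside a hardened one that requires the per-session "action" token the real form embeds. The server secret, session id, handler names and form field names are assumptions; the same check applies to the Way2SMS name-change request.

```python
import hmac
import hashlib
from typing import Optional

# Constructed server-side secret (assumption); in production it is loaded from
# configuration and never sent to the browser.
SERVER_SECRET = b"constructed-server-secret-replace-in-production"


def csrf_token(session_id: str) -> str:
    """Derive the per-session 'action' token that the main SMS form embeds.

    Deriving it with HMAC over the session id means the server does not have
    to store tokens, and a third-party page cannot compute it without the
    secret.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token against the expected one."""
    if not submitted:
        return False
    return hmac.compare_digest(csrf_token(session_id), submitted)


def schedule_sms_vulnerable(session_id: str, form: dict) -> dict:
    """Before: any request carrying a valid session cookie is accepted, so a
    form post triggered from an attacker-controlled page goes through."""
    return {"status": "scheduled", "to": form["mobile"], "at": form["time"]}


def schedule_sms_fixed(session_id: str, form: dict) -> dict:
    """After: the request must carry the 'action' token that only the genuine
    form, rendered for this session, could have embedded."""
    if not verify_csrf(session_id, form.get("action")):
        return {"status": "rejected", "reason": "missing or invalid CSRF token"}
    return {"status": "scheduled", "to": form["mobile"], "at": form["time"]}
```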
I tried to notify both websites about the issue, along with the solution to fix the vulnerability, but there has been no response from their side. So I decided to publish the details.
Note: I previously discovered a persistent XSS vulnerability and notified 160By2, but they failed to respond that time as well.