Friday, July 23, 2021

TikTok patches reflected XSS bug, one-click account takeover exploit


TikTok has patched a reflected XSS security flaw, along with a bug leading to account takeover, affecting the company’s domain.

As reported via the bug bounty platform HackerOne by researcher Muhammed “Milly” Taskiran, the first vulnerability relates to a URL parameter on the tiktok.com domain that was not correctly sanitized.

While fuzzing the platform, the bug bounty researcher discovered that this issue could be exploited to achieve reflected cross-site scripting (XSS), potentially leading to the execution of malicious code in a user’s browser session.

Additionally, Taskiran discovered an endpoint vulnerable to Cross-Site Request Forgery (CSRF), an attack in which threat actors can dupe users into submitting actions on their behalf to a web application as a user.

Taskiran was able to create a simple JavaScript payload that combined both vulnerabilities. The script triggered the CSRF issue and, when injected into the vulnerable URL parameter, could result in a one-click account takeover.

“The endpoint allowed me to specify a new password on accounts that had utilized third-party programs to sign up,” the bug bounty hunter stated.

Taskiran was granted a reward of $3,860.

As of September 3, TikTok had triaged the security issues and assigned a severity score of 8.2.
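The server-side checks that break a chain like the one described above, as an added example that is not TikTok's code or part of the original report: the reflected parameter is encoded at output, and the password-change action requires a same-origin request, a session-bound token and a recent re-authentication. The origin `app.example`, the `q` parameter, the `x-csrf-token` header, the five-minute window and all function names are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not TikTok's code.
const TRUSTED_ORIGIN = 'https://app.example';   // assumed site origin
const REAUTH_WINDOW_MS = 5 * 60 * 1000;         // assumed step-up window

// Encode the HTML-significant characters at the point of output.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflect the "q" URL parameter into HTML without letting it become markup.
function renderSearchPage(rawUrl) {
  const q = new URL(rawUrl).searchParams.get('q') ?? '';
  return `<p>Results for "${escapeHtml(q)}"</p>`;
}

// Compare tokens without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Gate for a state-changing request such as "set a new password".
function isPasswordChangeAllowed(req, session, now = Date.now()) {
  if (req.method !== 'POST') return false;
  if (req.headers.origin !== TRUSTED_ORIGIN) return false;          // cross-site request
  const token = req.headers['x-csrf-token'];
  if (typeof token !== 'string' || typeof session.csrfToken !== 'string') return false;
  if (!constantTimeEqual(token, session.csrfToken)) return false;   // forged request
  // Script injected through XSS runs inside the origin and passes both checks
  // above, so also require a recent re-authentication for this action.
  return typeof session.reauthAt === 'number' && now - session.reauthAt <= REAUTH_WINDOW_MS;
}

// Constructed sample input: a URL whose parameter carries markup.
const SAMPLE_URL = 'https://app.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';
console.log(renderSearchPage(SAMPLE_URL));
```

The re-authentication check matters because a CSRF token and an Origin check only stop requests from other sites; they do not stop a request issued by script already running on the vulnerable page.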

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
