Mohamed M. Fouad, a security researcher from Egypt, has found that the well-known file-hosting website 4shared is vulnerable to XSS (Cross-Site Scripting), clickjacking, CSRF, the OpenSSL CCS Injection vulnerability, and the Apache Tomcat examples directory vulnerability, which can lead to HttpOnly cookie bypass and session manipulation.
4shared, as we all know, is a file hosting and sharing service founded in 2005, and people all over the world now use it to store their files. But what happens if those files are stolen or deleted? The critical vulnerabilities found by the researcher and their impact on users are described below, along with a PoC video.
1 - 4shared is vulnerable to the OpenSSL CCS Injection vulnerability, which, as we know, can be used in MITM attacks:
===================================================
As we know, a critical vulnerability in OpenSSL was discovered 2 months ago, in June 2014, that could allow a man-in-the-middle attack against an encrypted connection. SSL/TLS connections typically allow encrypted traffic to pass between two parties, where only the intended senders and recipients can decrypt the data. In a man-in-the-middle attack, an attacker could intercept an encrypted data stream, allowing them to decrypt, view and then manipulate that data.
So this is a critical vulnerability at the network level, and it negates the use of SSL as a privacy protection barrier. It remains because they didn’t care about users’ safety; they should upgrade their OpenSSL version to patch this critical vulnerability.
2 - Apache Tomcat examples directory vulnerability :
======================================
By default, the Tomcat application server contains an “/examples” directory with many example servlets and JSPs. 4shared should disable public access to this directory for the following security reasons:
1 - Bypassing HttpOnly Cookies protection
2 - CSRF cookies manipulation
3 - Session manipulation
This vulnerability bypasses 4shared’s HttpOnly cookie protection, so an attacker can access, manipulate and steal user cookies. If these cookies contain user tokens, the attacker will have the user’s session ID and token, and can make any request to the victim’s account.
3 - Cross-site Scripting in 4shared login page:
=================================
The injected script executes in the user’s context, allowing the attacker to access any cookies or session tokens retained by the browser. As I mentioned about XSS above, the real problem is that all of 4shared is vulnerable to XSS attacks; they have to use a WAF and fix all of these issues, because these XSS flaws impact innocent users.
4 - Clickjacking attack :
=================
According to the researcher, 4shared is vulnerable to a “clickjacking” attack, and its pages can be loaded inside an iframe.
IMPACT :
=======
Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
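A site owner can check the framing exposure described above from response headers alone. The following is an added example, not part of the researcher's report or 4shared's code; the function names and sample header values are assumptions constructed for illustration.

```python
# Added example: decide from response headers whether a page may be framed.
# All header values used with this code are constructed samples.

ANY_ORIGIN = {"*", "http:", "https:"}  # sources that permit framing from anywhere


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        # Directive names are case-insensitive; the first occurrence wins.
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_verdict(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    policies = [s for s in map(frame_ancestors, csp) if s is not None]
    if policies:
        # Every CSP header is enforced, so one strict policy is enough.
        # When frame-ancestors is present, browsers ignore X-Frame-Options.
        strict = [s for s in policies if not ANY_ORIGIN & set(s)]
        if strict:
            return True, "frame-ancestors " + (" ".join(strict[0]) or "'none'")
        return False, "frame-ancestors allows framing from any origin"

    xfo = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            xfo.update(t.strip().upper() for t in value.split(",") if t.strip())
    if not xfo:
        return False, "no X-Frame-Options and no CSP frame-ancestors"
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + xfo.pop()
    # ALLOW-FROM, unknown or conflicting values are not reliably honoured.
    return False, "X-Frame-Options not reliably honoured: " + ", ".join(sorted(xfo))


if __name__ == "__main__":
    sample = [("Content-Type", "text/html"),
              ("X-Frame-Options", "ALLOW-FROM https://example.com")]
    print(framing_verdict(sample))
```

A page that returns neither header, or only a permissive `frame-ancestors`, is the case the clickjacking finding describes.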
PoC (Proof of Concept) URL:
https://www.dropbox.com/s/uougl79fx5k0vvl/4shared%20Vulnerabilities.avi
According to the researcher, the XSS vulnerability was fixed by 4shared, and the researcher was rewarded with a premium account for 6 months.