Road to Dell Security Acknowledgement Page

Hi folks,

Last time in Proof of Concepts I wrote about how I found some Cross Site Scripting vulnerabilities in a CMS which led to CVEs. So in this article, I’ll be sharing another POC on a Cross Site Scripting vulnerability that was present in a Dell subdomain.

I reported this vulnerability way back in October 2017, and it was my third accepted bug after Intel and Avast, so it’s kind of very special to me.

Now coming to XSS,

According to the internet, Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

In the upcoming days, I’ll write a detailed explanation of XSS which will be put in the articles tab.

So moving on, I started with the basic recon process that everyone follows.

So I used Google dorks to find some subdomains of Dell. Below is the Google dork which we could use to find various subdomains of a particular website:

site:*.dell.com -www

But there are lots of other feasible tools which we could use to enumerate subdomains as well, like Sublist3r, Knockpy and some online websites like VirusTotal.

So after testing multiple subdomains, I landed on the following subdomain:-

https://marketing.dell.com

The page was basically dedicated to providing customer support to the public.

It had two steps.

In the first step, I had to write a message along with my email ID and click on Next.

This redirected me to step 2, which was a contact us form that looked like this:

[Screenshot: the step 2 contact us form]

There were various input fields like first name, last name, company, title, etc. OK, so too many input fields, a good place to test our XSS payloads.

So I filled up the details randomly and thought of placing an XSS payload in the First name input field.

The payload I used was this:- "><svg onload=prompt("XSS") ;//

And after filling out the other details I clicked on the next button which then took me to a Thank you page and along with that, I received a magical XSS popup.

[Screenshot: the XSS popup on the Thank you page]
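Why the popup fired, and what validating and encoding the input changes, shown as an added example (this is not code from the original post or from Dell). It assumes the first name was echoed unencoded into a quoted attribute and into page text on the Thank you page; the template and all function names are hypothetical.

```javascript
// Added illustration: the template and function names are hypothetical.
// Payload from the post, written with straight quotes.
const PAYLOAD = '"><svg onload=prompt("XSS") ;//';

// Output encoding: the five characters that can change the parsing context
// in element content and in quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allow-list for a name field (letters, combining marks,
// apostrophe, space, dot, hyphen). Defence in depth, not a replacement for
// encoding at output time.
function isPlausibleName(value) {
  return /^[\p{L}\p{M}' .-]{1,64}$/u.test(value);
}

// Vulnerable form: user input is concatenated into the markup as-is, so the
// leading "> closes the attribute and the tag, and <svg onload=...> becomes markup.
function renderThankYouUnsafe(firstName) {
  return '<input type="hidden" name="first" value="' + firstName + '">' +
         '<p>Thank you, ' + firstName + '!</p>';
}

// Hardened form: same template, but every use of the value is encoded.
function renderThankYouSafe(firstName) {
  const safe = escapeHtml(firstName);
  return '<input type="hidden" name="first" value="' + safe + '">' +
         '<p>Thank you, ' + safe + '!</p>';
}

// Crude demonstration check: is there a real <svg> tag carrying an onload handler?
function containsLiveHandler(html) {
  return /<svg[^>]*\sonload\s*=/i.test(html);
}

console.log('unsafe page has live handler:', containsLiveHandler(renderThankYouUnsafe(PAYLOAD)));
console.log('safe page has live handler:  ', containsLiveHandler(renderThankYouSafe(PAYLOAD)));
console.log('payload passes name check:   ', isPlausibleName(PAYLOAD));
```

With encoding in place the browser displays the payload as literal text instead of parsing it as a tag, and a legitimate name such as O'Neil still renders correctly.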

I quickly prepared a report regarding the security issue and mailed it to Vulnerability_Research@dell.com.

And after months of discussions, they fixed the issue and placed my name on their Security Acknowledgement page.

Link to their Security Acknowledgement Page: https://www.dell.com/learn/nz/en/nzbsd1/campaigns/contributors-dell-software-security

Timeline

15 Oct 2017:- Reported the issue

18 Oct 2017:- Got confirmation that the message has been received and would be reviewed internally by them.

30 Oct 2017:- Got confirmation that remediation is in progress.

21 Dec 2017:- The issue was fixed and got confirmation

12 Jan 2018:- Placed my name along with social media links on their Security Acknowledgement page.
