Playing With Chatbots 🤖

Crashing Chat Bot System

⭐Contents

➡️Missing Rate Limiting
➡️Unrestricted File Upload
➡️Reflected and Blind Cross Site Scripting
➡️Application Level DoS
--------------------------------------------------------------------

👉 Rate Limiting in Chat Bots

🌟 Description:-

Chat bots are used for interaction between people and services to improve the customer experience, and any user can send messages. When the message endpoint has no rate-limit protection, an unlimited number of messages can be sent, which can lead to a denial-of-service attack.

🌟 Exploitation:-

❇ Send a message to the chatbot and intercept that request in Burp Suite.
❇ Now send this request to Intruder and repeat it more than 200 times, marking as the payload position a value that has no effect on the request; I chose Accept-Language: en-US,en;q=0.$5$
❇ After some time you will get a 500 status code.
❇ Now try to send a message to that chatbot from another account: you won't get any reply, since the chatbot system has crashed.

🌟 Impact:-

Business impact and DoS: users get no response from the company, which reduces the interaction between people and services, and when a chatbot crashes, some bot services charge to replace the bot or fix the issue, resulting in financial loss.

🌟 Reference:-

https://bugreader.com/ahmad_halabi@crashing-chat-bot-system-215

👉 Unrestricted File Upload

🌟 Description:-

Here the attacker is able to upload files of any format, such as .exe or .php, to the chatbot.

🌟 Exploitation:-

❇ Upload an ASP file using the .cer or .asa extension.
❇ Upload an .eml file when the Content-Type is text/html.
❇ Check for .svg file upload; you can achieve stored XSS using an XML payload.
❇ Upload a PHP file using the .pht extension when the web app validates only the extension (Apache on Linux).

🌟 Impact:-

With a file upload vulnerability an attacker can achieve remote code execution by uploading a PHP shell, and can also achieve XSS, LFI, XXE, phishing, parameter pollution and SQL injection; it may also disclose sensitive information such as internal paths.
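The bypasses listed above all succeed when the server trusts the client-supplied filename or Content-Type. The following server-side validator is an added example, not code from the original post: it assumes a chat attachment feature that only needs PNG, JPEG and PDF, and shows how an allowlist plus magic-byte and Content-Type agreement rejects .pht, .cer/.asa, .svg, .eml and double-extension names, and how a server-chosen storage name and download headers keep whatever is stored from ever being rendered or executed.

```python
import secrets

# Allowlist for chat attachments: extension -> (canonical MIME type, magic-byte prefix).
# Anything not listed (.php/.pht, .asp/.cer/.asa, .svg, .eml, .exe, ...) is rejected outright.
ALLOWED = {
    "png":  ("image/png",       b"\x89PNG\r\n\x1a\n"),
    "jpg":  ("image/jpeg",      b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg",      b"\xff\xd8\xff"),
    "pdf":  ("application/pdf", b"%PDF-"),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed attachment size limit for this example


def validate_upload(filename: str, content_type: str, data: bytes):
    """Return (ok, detail). Every decision is made against the allowlist and the
    file's own bytes; the client-supplied name and Content-Type must agree with
    that, and are never trusted on their own."""
    if not data:
        return False, "empty file"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Drop any path component, lower-case, then split the basename on dots.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) != 2 or not parts[0]:
        # No extension, a dotfile, or a double extension (shell.php.png) all fail here.
        return False, "filename must be name.ext with exactly one extension"
    ext = parts[1]
    if ext not in ALLOWED:
        return False, f"extension .{ext} not allowed"
    mime, magic = ALLOWED[ext]
    # Normalise "image/png; charset=..." and case before comparing to the canonical type.
    if content_type.split(";", 1)[0].strip().lower() != mime:
        return False, "Content-Type does not match extension"
    if not data.startswith(magic):
        return False, "file content does not match extension"
    return True, ext


def storage_name(ext: str) -> str:
    """Server-chosen random name: the original filename never reaches disk."""
    return f"{secrets.token_hex(16)}.{ext}"


def download_headers(ext: str, stored_name: str) -> dict:
    """Headers for serving a stored attachment back: fixed type, no content
    sniffing, and a forced download so the browser never renders it as a page."""
    return {
        "Content-Type": ALLOWED[ext][0],
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
    }
```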

🌟 Reference:-

https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
https://hackerone.com/reports/826288
https://hackerone.com/reports/925513
https://bugdisclose.medium.com/art-of-unrestricted-file-upload-exploitation-92ed28796d0

👉 Reflected and Blind Cross Site Scripting in Chat

🌟 Description:-

Here the attacker is able to perform both reflected and blind XSS.

🌟 Exploitation:-

❇ For reflected XSS, craft payloads based on the filters in place.
❇ For blind XSS: when the chat starts, the bot asks for your details in input parameters; use XSS Hunter there and you will get an email when the payload triggers.

🌟 Impact:-

An attacker is able to access critical information from the support team. The XSS reveals the administrator's IP address, the backend application service, the titles of Mailchimp customer and internal subscription emails, and support team session cookies.

🌟 Reference:-

https://hackerone.com/reports/73566
https://hackerone.com/reports/81757
https://hackerone.com/reports/1010466

👉 Application Level DoS

🌟 Description:-

Sending low- and high-end resolution images (relative to the file limit they mention) to the chatbot leads to a DoS attack.

🌟 Exploitation:-

❇ Create two accounts (a normal account and an attacker account).
❇ Now upload a low-pixel-size image to the chatbot as the attacker and, at the same time, upload a normal image from the second account as the normal user.
❇ Now both the attacker and the victim will get a 502 response.

🌟 Impact:-

Here the low-pixel images uploaded by the attacker cause a 502 response, and other users are unable to upload images to the support team.

🌟 Reference:-

https://hackerone.com/reports/970760
