
Appvigil app vulnerability scanners for zomato

Appvigil Advanced automated Mobile App Vulnerability Scanner Tools.

appvigil


  1. API Vulnerability: Bullet Dodged

  2. | Mobile Reputation Protection Suite | What's Zomato
  • Zomato is an online restaurant search and discovery service providing information on home delivery, dining-out, cafés and nightlife in cities of India and 21 other countries.
  • The site has an Alexa rank of 1,210 in the world and 146 in India as of June 2015.
  • Features:
    • Find the best restaurants nearby
    • Detailed restaurant info, and thousands of scanned menus
    • Follow foodies for trusted reviews
    • Create your own personal food diary

  3. Zomato Statistics
  • Presence in 106 cities across 13 countries
  • Approximate user base of 62.5 million
  • Base of 255,700 restaurants on their portal.

  4. Hack Details
  • While creating an account, a user can store his phone number, addresses, date of birth, link an Instagram account, etc. In one of the API calls, the user data was reflected based on the "browser_id" parameter in the API request.
  • Changing the "browser_id" sequentially resulted in data leakage of other Zomato users.
  • The data leaked also had the Instagram access token, which could be used to see the private Instagram photos of the respective Zomato users.
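The leak above was found by stepping the id in the request one value at a time, and that pattern is just as visible on the server side: one session asking for many distinct user ids, often consecutive ones. The following detector is an added example written for this page, not Zomato's or Appvigil's code; the log format, the session tokens and every line in SAMPLE_LOG are constructed for the example, and the thresholds are arbitrary starting points.

```python
"""Added example (not Zomato's or Appvigil's code): flagging sequential id
enumeration against a per-user endpoint from access logs.

The log format and every line in SAMPLE_LOG are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed log format: timestamp, method, path(+query), session token, status.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) POST /v2/userdetails\.json/(?P<uid>\d+)\S* "
    r"token=(?P<token>\S+) status=(?P<status>\d+)$"
)

# Constructed sample: tok-a reads its own record, tok-b walks five consecutive
# ids, tok-c repeats one id and touches a neighbour, plus one unrelated request.
SAMPLE_LOG = """\
2015-06-01T21:29:01Z POST /v2/userdetails.json/1001?browser_id=1001&type=journey token=tok-a status=200
2015-06-01T21:29:05Z POST /v2/userdetails.json/2001?browser_id=2001&type=journey token=tok-b status=200
2015-06-01T21:29:06Z POST /v2/userdetails.json/2002?browser_id=2002&type=journey token=tok-b status=200
2015-06-01T21:29:07Z POST /v2/userdetails.json/2003?browser_id=2003&type=journey token=tok-b status=200
2015-06-01T21:29:08Z POST /v2/userdetails.json/2004?browser_id=2004&type=journey token=tok-b status=200
2015-06-01T21:29:09Z POST /v2/userdetails.json/2005?browser_id=2005&type=journey token=tok-b status=200
2015-06-01T21:30:00Z POST /v2/userdetails.json/3001?browser_id=3001&type=journey token=tok-c status=200
2015-06-01T21:30:02Z POST /v2/userdetails.json/3001?browser_id=3001&type=journey token=tok-c status=200
2015-06-01T21:30:03Z POST /v2/userdetails.json/3002?browser_id=3002&type=journey token=tok-c status=200
2015-06-01T21:30:04Z GET /v2/restaurants.json?city=1 token=tok-c status=200
"""


def ids_by_session(lines):
    """Map session token -> list of user ids requested on the endpoint."""
    requested = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:  # other endpoints and malformed lines are ignored
            requested[m["token"]].append(int(m["uid"]))
    return requested


def longest_consecutive_run(ids):
    """Length of the longest run of consecutive integers among the distinct ids."""
    s = sorted(set(ids))
    best = run = 1 if s else 0
    for prev, cur in zip(s, s[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_enumeration(lines, max_distinct=3, min_run=3):
    """Return {token: {"distinct": n, "run": r}} for sessions whose distinct id
    count exceeds max_distinct or whose consecutive run reaches min_run."""
    flagged = {}
    for token, ids in ids_by_session(lines).items():
        distinct, run = len(set(ids)), longest_consecutive_run(ids)
        if distinct > max_distinct or run >= min_run:
            flagged[token] = {"distinct": distinct, "run": run}
    return flagged


if __name__ == "__main__":
    for token, stats in flag_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{token}: {stats['distinct']} distinct ids, "
              f"longest consecutive run {stats['run']}")
```

Only tok-b is flagged on the sample: a legitimate client fetches its own record, so more than a handful of distinct ids per session, or any consecutive run, is a strong signal on an endpoint like this. The two thresholds are independent so that a slow, non-sequential walk still trips the distinct-id check.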

  5. Vulnerability Details
  • Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input.
  • As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.
  • Resources can be directly accessed by modifying the value of a parameter used to directly point to an object.
  • Resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.

  6. Vulnerable Endpoint

  POST /v2/userdetails.json/XXXXX?&browser_id=XXXXX&type=journey&lang=en&uuid=pgh1evyBWvL+sp9/JpwUpItnk8Q=&app_version=6.5.0.1 HTTP/1.1
  Accept: */*
  Content-Length: 214
  Accept-Encoding: gzip, deflate
  X-Zomato-API-Key: XXXXXXX
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Zomato/5.0
  Host: 1api.zomato.com
  Connection: Keep-Alive
  Cache-Control: no-cache

  lang=en&uuid=pgh1evyBWvL%2Bsp9%2FJpwUpItnk8Q%3D&client_id=Zomato_WindowsPhone8_v2&app_version=6.5.0.1&device_manufacturer=NOKIA&device_name=NOKIA%2520Lumia%25201020&access_token=xyz

  Replacing the XXXXX with the victim's user id in the above request led to information disclosure.
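The request above carries two identities: the caller's, via access_token, and the record's, via the id in the path and browser_id. The bug is that the server used the first only to authenticate and then trusted the second. The following toy endpoint, an added example written for this page and not Zomato's or Appvigil's code, puts the vulnerable handler beside the fixed one; the user records, session tokens and field names are constructed, and the fix also shows the second lesson from slide 4, that a third-party secret like the Instagram token should never be in the response at all.

```python
"""Added example (not Zomato's or Appvigil's code): a toy user-details endpoint
showing the IDOR pattern from the slides and its fix.

The caller is identified from `access_token`; the record to return is named by a
user id taken from the request (the `XXXXX` / `browser_id` in the slide).  The
vulnerable handler trusts that id.  The fixed handler requires it to match the
authenticated user and returns only a fixed list of fields, so a third-party
secret such as the Instagram access token is never serialised at all.
All ids, tokens and values below are constructed for the example.
"""

# Constructed data store: user id -> profile record.
USERS = {
    1001: {"name": "alice", "phone": "+91-000-000-0001", "dob": "1990-01-01",
           "instagram_access_token": "ig-token-alice"},
    1002: {"name": "bob", "phone": "+91-000-000-0002", "dob": "1991-02-02",
           "instagram_access_token": "ig-token-bob"},
}
# Constructed session table: access_token -> user id of the caller.
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002}

# Fields the owner is allowed to see; the Instagram token is deliberately absent.
OWNER_FIELDS = ("name", "phone", "dob")


class Unauthenticated(Exception):
    """No valid access_token: the caller is unknown."""


class Forbidden(Exception):
    """Valid caller, but the requested record is not theirs."""


def caller_id(access_token):
    """Resolve the authenticated user from the token (authentication only)."""
    try:
        return SESSIONS[access_token]
    except KeyError:
        raise Unauthenticated("bad or missing access_token") from None


def userdetails_vulnerable(requested_id, access_token):
    """Authenticates the caller, then returns whatever record the request names.

    This is the bug: authentication happens, authorisation never does, and the
    full record (token included) is reflected back.
    """
    caller_id(access_token)
    return dict(USERS[requested_id])


def userdetails_fixed(requested_id, access_token):
    """Authenticate, then authorise: the record must belong to the caller."""
    caller = caller_id(access_token)
    if requested_id != caller:
        # Log the mismatch server-side; the client gets a generic refusal.
        raise Forbidden("record does not belong to the authenticated user")
    record = USERS[requested_id]
    return {field: record[field] for field in OWNER_FIELDS}


def foreign_record_exposed(handler, access_token, foreign_id):
    """Regression check for CI: True if `handler` hands the caller a record that
    is not theirs (any fields at all), False if the request is refused."""
    try:
        handler(foreign_id, access_token)
    except Forbidden:
        return False
    return True


if __name__ == "__main__":
    # Alice's session asking for Bob's record: leaks with the vulnerable handler.
    print(userdetails_vulnerable(1002, "tok-alice"))
    print(foreign_record_exposed(userdetails_vulnerable, "tok-alice", 1002))  # True
    print(foreign_record_exposed(userdetails_fixed, "tok-alice", 1002))       # False
    print(userdetails_fixed(1001, "tok-alice"))  # no instagram_access_token in output
```

The check in userdetails_fixed is the whole fix for a record that only its owner may read; for resources with sharing rules the comparison becomes a lookup in an ownership or ACL table, but it still has to happen on every request, after authentication and before the record is loaded. foreign_record_exposed is the kind of test worth keeping in the suite so the check cannot quietly disappear in a later refactor.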

  7. Ease of Exploitability
  • You can easily get the user id of any Zomato user by visiting their profile. They are public and appended to your profile URL.
  • This bug was responsibly disclosed to Zomato and was fixed within a few minutes by the engineering team.

  8. About The Hacker
  • Anand Prakash is the man behind the discovery and reporting of this vulnerability to Zomato.
  • He is currently working as a security engineer at Flipkart in Bangalore.
  • His past experience includes working with Haryana Police in cyber crime investigation and penetration testing at e-billing solution.
  • He works as a network engineer in a well-known telecom solution provider.

  9. Disclosure Timeline
  • June 1, 2015 09:29 PM: Report sent to Deepinder Goyal, CEO
  • June 2, 2015 12:54 PM: Added Gunjan Patidar, CTO and Shrey Sinha to the mail thread
  • June 2, 2015 1:04 PM: Bug acknowledged by Gunjan Patidar
  • June 2, 2015 2:01 PM: Confirmation of vulnerability fix from Gunjan Patidar

  10. What's Appvigil
  Appvigil, an integrable Mobile Reputation Protection Suite for Mobile Apps

  11. How?
  Appvigil is an automated cloud-based mobile app security scanner which enables enterprises to identify security vulnerabilities and loopholes in their mobile apps and fix them. It helps you locate the exact security bugs in mobile apps.
  • Static Analysis: the bytecode structure of the app is analyzed to look for any vulnerable connection.
  • Dynamic Analysis: the run-time behaviour of the app is tested against the vulnerabilities in an emulated hacking environment.
  • Network Analysis: all communication packets that the app functions with are captured, with complete request/response details.

  12. Reach us
  A Product by
  Email: hello@appvigil.co
  Web: appvigil.co
  FB: fb.com/appvigil
  Twitter: @appvigil_co
