[[IDOR|IDOR]] Posting comments impersonating some other users.
[] Change the email of th request to registered email in target [] Change email to un registered email in the target and then register with it [] Change the ID one number or the whole id with another user ID
DOM Clobbering
We can therefore cause the JavaScript references to return an empty object using the following technique:
<img id="getElementById"> <img id="querySelector"> <img id="getElementByTagName">
Which now returns the following output in our console: Uncaught TypeError: document.getElementById is not a function at ….
document.getElementById is not a function at ….
assuming an application uses a BBcode tag to publish image: [img width="100" height="50"]<https://www.bbcode.org/images/lubeck_small\\.jpg\\[/img]> Which is interpreted in the browser as follows: <img width="100" height="50" src=”https://www.bbcode.org/images/lubeck_\\small.jpg”> We can take advantage of DOM clobbering like this: [img width="100" id=”getElementById” height="50"]<https://www.bbcode.org>\\/images/lubeck_small.jpg\\[/img] We have now effectively clobbered the DOM in the web application, which may result in the breakdown of functionality and in some cases cause the browser to become unresponsive
Markup Language? try Create A picture that steals Data
Go to <https://iplogger.org/> choose invisible image send the comment
[[IDOR|IDOR]]to Read any other's comments
Search for any fields/forms that you cant see others comments
Analyze the traffic
change identifier to user B and u can see user b comments
Race Condition
Unlimited Comments on a thread
Suppose a user can comment only once, try race conditions here to see if multiple comments are possible.
Privilege Escalation
Suppose there is an option: comment by the verified user (or some privileged user) try to tamper with various parameters in order to see if you can do this activity.
Thread Comment Functionality
Try posting comments impersonating some other users.
Last updated 10 months ago
