Activation Link Vulnerability

Introduction

Nowadays, hacking and cracking are simple. I have even found this vulnerability on well-ranked websites. I would like to expose that vulnerability here so that you are all aware of it.

Prerequisites

Understanding of cryptography and hashing algorithms.

I will explain how to find the vulnerability and bypass it.

STEP 1

Let's consider a website, lokesh.com

The lokesh.com website will usually send an activation link to the email address you entered in the registration form.


STEP 2

Log in to your mailbox and look for the activation link. The account is verified only after that activation link is clicked.

The website may have built the activation link from a hash of your email address, mobile number, or any other information you filled in on the registration form.

First, note down the activation link that has been sent to you. In my case, the activation link was as follows:

https://lokesh.com/activation/hash=c4debce224a3fb5032c83fd567d09cba12909b5331272910d1accd93f1f25864a49d5c8c2a7399b79ce6b0c0fbbb2fb543cb445037aaabfe80ab1cc0bb5addac

STEP 3

Here, we have to identify which information (data entered in the registration form) is hashed and which hash algorithm is used in the activation link.

In my case, I used the email address for the demonstration.

Email address -- [email protected]

I will tell you an easy way to find the hash. There are many websites that generate hashes -- I recommend https://www.browserling.com/tools/all-hashes.


So, from all the hashes generated for [email protected], compare each generated hash with the hash in the activation link.

Now you can see that the SHA-512 hash matches (the site may have used any hashing algorithm, so to find out which one is used, first test with your very own email address).

STEP 4

Activation link exposed

Finally, we came to know that the activation link uses SHA-512 and the email address as the hashed information.

Then the activation link for any email address is as follows:

https://lokesh.com/activation/hash=(SHA-512 hash of emailid)

Conclusion

By using this vulnerability, anyone can activate an account without access to its mailbox. So every activation link has to be salted (in cryptography, a salt is random data used as an additional input to a one-way function that hashes data, a password or passphrase; salts are used to safeguard passwords in storage).
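The following is an added example, not code from the original article or from any site it mentions. It puts the predictable scheme from Steps 3 and 4 (an unsalted SHA-512 of the email address) next to a hardened one that implements the Conclusion's advice with a random, single-use, expiring token stored server-side as a digest. It also includes a small self-audit helper a site owner can run against their own activation link to confirm the token is not a plain digest of a registration field. The email address, the ActivationStore class and its 24-hour lifetime are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample address standing in for the registration email (assumption).
SAMPLE_EMAIL = "user@example.com"


def weak_token(email: str) -> str:
    """The scheme the article describes: an unsalted SHA-512 of the email.
    It is deterministic, so anyone who knows the address can reproduce it."""
    return hashlib.sha512(email.encode("utf-8")).hexdigest()


def is_derived_from_public_data(token: str, fields: List[str]) -> bool:
    """Self-audit for a site owner: does the token in our own activation link
    equal a plain digest of one of the registration fields? A hit means the
    link is predictable and the token scheme must be redesigned."""
    algorithms = ("md5", "sha1", "sha256", "sha512")
    for value in fields:
        for name in algorithms:
            digest = hashlib.new(name, value.encode("utf-8")).hexdigest()
            if hmac.compare_digest(digest, token.lower()):
                return True
    return False


class ActivationStore:
    """Hardened scheme (assumed design): a fresh 256-bit random token per
    registration. Only its SHA-256 is stored, together with the email and an
    expiry; the raw token is what goes into the emailed link."""

    TTL_SECONDS = 24 * 3600  # assumed lifetime of an activation link

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        # token digest -> (email, expires_at)
        self._pending: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email: str) -> str:
        # secrets.token_urlsafe(32) gives 256 bits from the OS CSPRNG; the
        # token carries no user data, so nothing about the user predicts it.
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (email, self._now() + self.TTL_SECONDS)
        return token

    def activate(self, token: str) -> Optional[str]:
        """Return the activated email, or None for unknown, reused or expired
        tokens. The entry is removed on first use, so a link works only once.
        Looking up a digest of a random token leaks nothing useful via timing,
        since a match would require a preimage of the stored hash."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None
        return email


if __name__ == "__main__":
    print("weak link  :", "https://lokesh.com/activation/hash=" + weak_token(SAMPLE_EMAIL))
    print("predictable:", is_derived_from_public_data(weak_token(SAMPLE_EMAIL), [SAMPLE_EMAIL]))
    store = ActivationStore()
    strong = store.issue(SAMPLE_EMAIL)
    print("strong link:", "https://lokesh.com/activation/token=" + strong)
    print("predictable:", is_derived_from_public_data(strong, [SAMPLE_EMAIL]))
    print("activate   :", store.activate(strong), "| reuse:", store.activate(strong))
```

The article's remedy is phrased as salting; the hardened store above reaches the same goal by making the token independent of user data altogether. A hash salted with a value the user cannot learn (a server-side secret, as in an HMAC) would also work, but a random token stored as a digest additionally gives single use and expiry for free, and a database leak exposes only digests, not usable links.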

Note

Most sites use salted tokens nowadays, so this method of bypassing will not work on most well-maintained websites.
