HackerOne: Able to create basic user account via Google login on HackerOne Drupal CMS
2017-02-23T12:59:58
ID: H1:208407 | Type: hackerone | Reporter: ishahriyar | Modified: 2017-04-25T07:38:05
Description
Summary:
Hi,
I've found that hackerone.com has Drupal installed, and when I navigated to this URL
https://www.hackerone.com/user/password
I found "Log in" and a "password reset" option.
When I clicked on "Log in" it redirected me to the Google login.
Then I logged in using my Gmail account and it redirected me to hackerone.com.
Then I requested a password reset, got the link from the email, and was able to access the internal Drupal.
Description (Include Impact):
Able to create a new account on that CMS.
Steps To Reproduce
1. Navigate to https://www.hackerone.com/user/password
2. Click "Log in" using a Google account.
3. Again navigate to https://www.hackerone.com/user/password
4. Put in the Google mail address and click on the request.
A one-time login link will be provided to that email.
POC (unlisted):
https://youtu.be/lBio9OZpLpM
Report: https://hackerone.com/reports/208407 (team: security; state: resolved; bounty: 0.0; CVSS: none)