Appvigil App Vulnerability Scanners for Zomato
7/23/2019 Appvigil App Vulnerability Scanners for Zomato
http://slidepdf.com/reader/full/appvigil-app-vulnerability-scanners-for-zomato 1/12
API Vulnerability: Bullet Dodged
| What’s Zomato
Mobile Reputation Protection Suite
• Zomato is an online restaurant search and discovery service providing information on home delivery, dining-out, cafés and nightlife in cities of India and 21 other countries.
• The site has an Alexa rank of 1,210 in the world and 1?6 in India as of June 2015.
Features
• Find the best restaurants nearby
• Detailed restaurant info, and thousands of scanned menus
• Follow foodies for trusted reviews
• Create your own personal food diary
| Zomato Statistics
• Presence in 106 cities across 10 countries
• Approximate user base of 62.5 million
• Base of 255,000 restaurants on their portal.
| Hack Details
• While creating an account, a user can store his phone number, addresses, date of birth, link an Instagram account, etc. In one of the API calls, the user data was reflected based on the "browser_id" parameter in the API request.
• Changing the "browser_id" sequentially resulted in data leakage of other Zomato users.
• The data leaked also included the Instagram access token, which could be used to see the private Instagram photos of the respective Zomato users.
| Vulnerability Details
• Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input.
• As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.
• Resources can be directly accessed by modifying the value of a parameter used to directly point to an object.
• Resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.
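The IDOR described on the two preceding slides, as an added example that is not from the slides or from Zomato's code: the same userdetails handler in its vulnerable form (record chosen by the client-supplied browser_id alone) and its hardened form (record bound to the authenticated session). The user table, session table, field names and token strings are constructed for the demo.

```python
# Added example, not Zomato's code: the same handler in its vulnerable and
# hardened forms. USERS, SESSIONS and the token strings are constructed.
USERS = {
    101: {"name": "alice", "phone": "+91-11111", "instagram_token": "IG_TOKEN_A"},
    102: {"name": "bob", "phone": "+91-22222", "instagram_token": "IG_TOKEN_B"},
}
SESSIONS = {"sess_alice": 101, "sess_bob": 102}  # access_token -> user id
PUBLIC_FIELDS = {"name"}  # the only field a public profile page reveals


def vulnerable_userdetails(params: dict, access_token: str) -> dict:
    """IDOR: the record is chosen by the caller-supplied browser_id alone.
    Login is checked, ownership is not, so any logged-in caller can walk
    browser_id values and read every other user's record."""
    if access_token not in SESSIONS:
        raise PermissionError("not logged in")
    return dict(USERS[int(params["browser_id"])])


def fixed_userdetails(params: dict, access_token: str) -> dict:
    """Hardened: the record is the one bound to the access token. A browser_id
    that is not the caller's own is refused rather than looked up."""
    caller = SESSIONS.get(access_token)
    if caller is None:
        raise PermissionError("not logged in")
    requested = int(params.get("browser_id", caller))
    if requested != caller:
        raise PermissionError("browser_id does not belong to the caller")
    return dict(USERS[caller])


def public_profile(user_id: int) -> dict:
    """What anyone may see on a profile: no tokens, no contact details."""
    return {k: v for k, v in USERS[user_id].items() if k in PUBLIC_FIELDS}


def token_exposed_to(handler, victim_id: int, access_token: str):
    """Authorization check for a handler: ask for victim_id's record as the
    user behind access_token and return the Instagram token if it comes
    back, or None when the handler refuses. A correct handler returns None
    for every victim_id other than the caller's own."""
    try:
        record = handler({"browser_id": str(victim_id)}, access_token)
    except PermissionError:
        return None
    return record.get("instagram_token")
```

The same check belongs in an automated test suite for every endpoint that takes an object id, so a regression to the vulnerable form fails the build rather than shipping.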
| Vulnerable Endpoint

POST /v2/userdetails.json/XXXXX?&browser_id=XXXXX&type=journey&lang=en&uuid=<uuid>&app_version=6.5.0.1 HTTP/1.1
Accept: */*
Content-Length: 21?
Accept-Encoding: gzip,deflate
X-Zomato-API-Key: XXXXXXX
Content-Type: application/x-www-form-urlencoded
User-Agent: Zomato/5.0
Host: api.zomato.com
Connection: Keep-Alive
Cache-Control: no-cache

lang=en&uuid=<uuid>&client_id=Zomato_WindowsPhone8_v2&app_version=6.5.0.1&device_manufacturer=NOKIA&device_name=NOKIA%2520Lumia%25201020&access_token=xyz
| Ease of Exploitability
• You can easily get the userid of any Zomato user by visiting their profile. They are public and appended to your profile URL.
• This bug was responsibly disclosed to Zomato and was fixed within a few minutes by the engineering team.
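Because the ids are public and sequential, the signal a defender can watch for is a single client walking browser_id values in order. The detector below is an added example, not part of the slides or of any Zomato tooling; the access-log format, IP addresses and ids are constructed for it.

```python
# Added example, not from the slides: flag clients that enumerate browser_id.
# The access-log format, IP addresses and ids below are constructed.
import re

SAMPLE_LOG = """\
2015-06-01T21:29:01Z 203.0.113.7 "POST /v2/userdetails.json?browser_id=1001&type=journey HTTP/1.1" 200
2015-06-01T21:29:02Z 203.0.113.7 "POST /v2/userdetails.json?browser_id=1002&type=journey HTTP/1.1" 200
2015-06-01T21:29:02Z 203.0.113.7 "POST /v2/userdetails.json?browser_id=1003&type=journey HTTP/1.1" 200
2015-06-01T21:29:03Z 203.0.113.7 "POST /v2/userdetails.json?browser_id=1004&type=journey HTTP/1.1" 200
2015-06-01T21:29:03Z 203.0.113.7 "POST /v2/userdetails.json?browser_id=1005&type=journey HTTP/1.1" 200
2015-06-01T21:29:04Z 198.51.100.9 "POST /v2/userdetails.json?browser_id=2200&type=journey HTTP/1.1" 200
2015-06-01T21:29:09Z 198.51.100.9 "POST /v2/userdetails.json?browser_id=2200&type=journey HTTP/1.1" 200
2015-06-01T21:29:11Z 192.0.2.44 "GET /v2/restaurants.json?res_id=77 HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>\w+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')
BID_RE = re.compile(r"[?&]browser_id=(\d+)")


def parse(log_text):
    """Yield (ip, browser_id) for userdetails requests; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "/userdetails" not in m["target"]:
            continue
        b = BID_RE.search(m["target"])
        if b:
            yield m["ip"], int(b.group(1))


def longest_sequential_run(ids):
    """Length of the longest run of consecutive ids, in request order."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_enumerators(log_text, min_distinct=5, min_run=4):
    """Return {ip: (distinct_ids, longest_run)} for clients that touched at
    least min_distinct distinct browser_ids or walked min_run in sequence.
    Repeating one's own id (198.51.100.9 above) is normal and not flagged."""
    seen = {}
    for ip, bid in parse(log_text):
        seen.setdefault(ip, []).append(bid)
    flagged = {}
    for ip, ids in seen.items():
        distinct, run = len(set(ids)), longest_sequential_run(ids)
        if distinct >= min_distinct or run >= min_run:
            flagged[ip] = (distinct, run)
    return flagged
```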
| About the Hacker
• Anand Prakash is the man behind the discovery and reporting of this vulnerability to Zomato.
• He is currently working as a security engineer at Flipkart in Bangalore.
• His past experience includes working with Haryana Police in cyber crime investigation and penetration testing at an e-billing solution.
• He has also worked as a network engineer at a well-known telecom solution provider.
| Disclosure Timeline
• June 1, 2015, 0?:2? PM: Report sent to Deepinder Goyal, CEO
• June 2, 2015, 12:5? PM: Added Gunjan Patidar, CTO, and Shrey Sinha to the mail thread
• June 2, 2015, 1:0? PM: Bug acknowledged by Gunjan Patidar
• June 2, 2015, 2:01 PM: Confirmation of vulnerability fix from Gunjan Patidar
| What’s Appvigil
Appvigil: an integrable Mobile Reputation Protection Suite for Mobile Apps
| How?
Appvigil is an automated cloud-based Mobile App security scanner which enables enterprises to identify security vulnerabilities & loopholes in their mobile apps and fix them. It helps you locate the exact security bugs in mobile apps.
Static Analysis: The bytecode structure of the app is analyzed to look for any vulnerable connection.
Dynamic Analysis: The run-time behaviour of an app is tested against the vulnerabilities in an emulated hacking environment.
Network Analysis: All communication packets the app exchanges are captured, with complete request and response details.
| Reach us
Email: hello@appvigil.co
Web: appvigil.co
fb.com/appvigil
Twitter: @appvigil_co
A Product by