klout.com cookie vulnerability – full disclosure – Proof of concept

5 04 2010

Today, I have discovered a vulnerability within klout.com.
This bug allows you to update other people’s stats, change their password, or their email.

The vulnerability is situated in the cookies.

To achieve the desired result, you must edit your cookies (through, for example, the firecookie plug-in for the firebug add-on for firefox)

One must then log in WITH “remember me” enabled.

Screenshot 1:

If you have firecookie open, you will now see your own username somewhere, you must change this to the username of your victim.

Screenshot 2:

Next, delete the PHPSESSID in your cookies, navigate to another page on klout, and then go to “My Profile”. You should then see that you are now logged in as your victim.

NOTE: This is merely a bug i discovered and am disclosing here. This is for educational purposes only and I will not be held responsible for any harm done. I will also as of this moment not answer any further questions about this disclosure.




4 responses

5 04 2010

Has u made contact to klout.com in order to inform this vulnerability before posting in this page?

5 04 2010

Yes, i have contacted klout.com to inform them of this vulnerability

14 06 2010
Kevin Olson

Sorry I didn’t post an update here, but we pushed out a fix to this vulnerability shortly after it was brought to our attention.

Kevin Olson

15 06 2010

That’s great, and it was pretty fast fixed too!

It wasn’t a major security bug as, by my knowledge only really allowed you to update other people’s statuses, a bug is a bug!

good job

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: