GoHired
Naukri.com Security Breach

February 22, 2017 by Dhaval Dave

Naukri.com security bug found

Hi Folks, today I am going to show and explain a security bug in Naukri.com's mails. Being a backend coder with some knowledge of SQL injection and security breach issues, I came to know about a bug in Naukri.com's security: without logging in, you can access your own or your friend's profile, if he has forwarded you one of Naukri.com's job-opening mails.

I found this issue because I had forwarded the mail to a few of my colleagues, as I was not looking for a job change myself.
One of my colleagues received the job-opening mail I had forwarded to him. To update his profile he clicked on "Update now", and the profile that opened was mine; without noticing that, he uploaded his CV into my profile.
Because of that I started getting calls from HRs asking whether I was looking for a job change or not. When I refused some of them, one HR asked why I had updated my profile if I was not looking, and some HRs even claimed that the CV on my Naukri profile belonged to some other person from my company.
So I realised that something must be fishy about the mails I was forwarding to friends/colleagues to help them find a job. After investigating Naukri.com's mail template and the URL behind the "Update Now" button, I found that this security glitch, or security breach, is present.
You help a colleague/friend, and if your colleague/friend can access your profile, then along with your email/phone he can see your salary information, which is highly confidential.

Stay Safe.

*PS: I have shown and performed these steps to spread awareness and not to malign Naukri.com. I highly respect Sanjeev Bikhchandani (CEO of Naukri), and I sincerely request Naukri.com to act upon this security breach. And if they find this research useful, they can reward me ;)

Steps to see this Naukri.com security glitch

Step 1. Ask your friend to forward you any job-openings mail from Naukri.com.

Step 2. Then go to your mailbox, click on "Update Profile" in that mail, and you can see his/her profile (your friend's Naukri.com profile).

Step 3. You can see and edit his/her profile.

Note: This works only once. If you log out of your friend's profile and click the Update Profile link again, it won't work; you need to get a fresh mail.

Cause of this security threat

In Naukri.com's mail, the Update Now button carries a security token (alid) and an email-id token, passed as below:

https://my.naukri.com/AL/updateProfile?alid=e5d12d8867007a787b16a698c02482a875XXcXXXX8e3aaf997a0cfcd1ac1cXXXXcb8c03a796a5512c22fbe1a8d7XXXXa6fae98b70ac589f4&email=f0d5c18669553XXXX0cba21XXX2b8443&src=M&utm_campaign=jobalert_revamp&utm_medium=mailer&utm_source=updateprofile

*PS: I have masked a few characters in the URL with 'X', so this URL won't work directly.

See here that the URL passes alid and email, with updateprofile as the source. So either their update-profile API has no authorization check at all, or this alid is a session token carried along in the URL, or they simply missed the condition that checks whether the session is valid.
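A safer design for such a mail link, as an added example that is not Naukri.com's code (the hostname, the HMAC key and the token layout are assumptions): the alid becomes a signed, expiring, single-use token, and the server still requires a logged-in session that matches the account the token names, so a forwarded mail or a logged-out browser is sent to the login page instead of the profile.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

SECRET_KEY = b"server-side-key-placeholder"  # assumption: per-deployment secret, never put in the mail
TTL_SECONDS = 24 * 3600                      # the link is worthless after a day
_used_nonces: set = set()                    # single-use record (in-memory for this demo)

def _sign(user_id: str, exp: int, nonce: str) -> str:
    """HMAC over the token fields so nothing in the URL can be altered."""
    msg = f"{user_id}|{exp}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def make_update_link(user_id: str, now: Optional[int] = None) -> str:
    """Build the 'Update Now' URL with a signed, expiring, single-use alid."""
    now = int(time.time()) if now is None else now
    exp, nonce = now + TTL_SECONDS, secrets.token_hex(8)
    alid = f"{user_id}.{exp}.{nonce}.{_sign(user_id, exp, nonce)}"
    return "https://my.example.invalid/AL/updateProfile?" + urlencode({"alid": alid, "src": "M"})

def authorize_update(url: str, session_user: Optional[str], now: Optional[int] = None) -> str:
    """Return 'ok' only for a valid token clicked from a session of the same account;
    otherwise return the reason so the caller can redirect to login."""
    now = int(time.time()) if now is None else now
    alid = parse_qs(urlparse(url).query).get("alid", [""])[0]
    try:
        user_id, exp_s, nonce, sig = alid.split(".")
        exp = int(exp_s)
    except ValueError:
        return "malformed"
    if not hmac.compare_digest(sig, _sign(user_id, exp, nonce)):
        return "bad-signature"           # tampered alid
    if now > exp:
        return "expired"
    if session_user is None:
        return "login-required"          # the link never replaces a login
    if session_user != user_id:
        return "wrong-account"           # forwarded mail opened from a friend's login
    if nonce in _used_nonces:
        return "already-used"
    _used_nonces.add(nonce)
    return "ok"
```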

The videos are the proof; the explanation is given below.

In the first video I have shown that no one is logged in to Naukri.com, but after I forwarded this email to my friend Pooja, from her login I opened my mail and clicked on the Update Now button, which landed on a page where she could update my profile.

In the second video I have shown that no one is logged in to Naukri.com (I refreshed to show this). I opened one mail and clicked on "Edit this Job Alert", which asked me to log in (probably there they have taken care of the session and login check). But I opened another mail with the "Update Now" button and was able to see/edit my profile without logging in.
Now if this mail is forwarded to any person, he or she can also see/edit my Naukri.com profile and obtain all my personal information.

In the third video, I have shown that even if you are logged out and click on "Update Now", you can access your profile without logging in. And if the same mail is forwarded to any of your friends, he/she can access your profile.

 

Filed Under: problem Tagged With: Hacking
