Security Breached Blog

One step at a time There's no need to rush It's like learning to fly!

Improper Input Validation | Add Custom Text and URLs In SMS send by Snapchat | Bug Bounty POC

Hey guys so this blog post is about an Issue in Snapchat’s Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here’s a Short POC of the issue.     HackerOne Report: #420420 A Subdomain on Snapchat’s website https://whatis.snapchat.com/ Gives the basic information about Snapchat, what […]

Hey guys so this blog post is about an Issue in Snapchat’s Website, due to Improper Input Validation one can add custom text & urls in SMS send by Snapchat here’s a Short POC of the issue.

 

 

HackerOne Report: #420420
A Subdomain on Snapchat’s website https://whatis.snapchat.com/ Gives the basic information about Snapchat, what it does and how it works along with this at the bottom of the page it have an option to try snapchat yourself by downloading the app now you can either download by clicking the links or by getting an sms containing link to download the app to your phone.

 

 

I decided to test that and i put my phone num there and clicked Send Link a HTTP POST request was made to a URL on app.snapchat.com 

https://app.snapchat.com/stories_everywhere/download_sms?phone_number=2133198570&country_code=US&cid=whatis

the ‘cid=’ parameter caught my attention as the SMS that was send also contained the parameter in the message

Now i wanted to try to make a custom message sent by snapchat but as the POST request that was sent earlier couldn’t be modified i decided to test the ‘cid=’ parameter so i changed and added text and URL in the ‘cid=’ parameter in the request and as URLs can’t contain a space i added + just to break the clickable URL in SMS and make it look like text.

cid=TES+HACKED+1337+LOL+HacKerOne.com

Just by this a Person could have added custom text and URLs in SMS send by snapchat.

 

 

Snapchat Fixed this by not reflecting the cid or any other parameter in there SMS.

#Takeaways: 

  • Always test common endpoints and see how they reflect to different values added to them.
  • Keep Hunting you have no idea what kinda bug might pay your bills.

 

Thanks for Reading.. 

 

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.