Hello everyone,
I want to share how easy it is to exploit vulnerabilities on a website and how Ericsson ignored my report. Here’s what happened:
Applying for a Position at Ericsson
When I applied for a job at Ericsson, I discovered their “Join Talent Network” page. It allows anyone to enter a First Name, Last Name and Email and to upload a resume for future opportunities. It seems like a convenient solution, but there are significant issues:
– No GDPR Compliance: There is no GDPR notice, so we don’t know what they can do with the data.
– Email Spam: Anyone can add an email to the list without the user’s permission, and the same email can be entered repeatedly. This can flood the user’s inbox, which is annoying.
– Potential for DDoS Billing Attack: This vulnerability can be exploited to cause a Denial-of-Service (DDoS) attack on Ericsson’s financial resources.
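The two abuse cases above (the same address entered repeatedly, and addresses added without the owner’s consent) are what a double opt-in flow with throttling is meant to stop. The following is an added illustration written for this post, not Ericsson’s code or anything taken from the report; the class name, the policy values and the send_email callback are constructed assumptions:

```python
import secrets
import time
from collections import defaultdict, deque

# Constructed policy values (assumptions, not Ericsson's settings).
RESEND_COOLDOWN_S = 24 * 3600   # one confirmation email per address per day
IP_LIMIT = 5                    # max submissions per source IP ...
IP_WINDOW_S = 3600              # ... per hour


class TalentNetworkSignup:
    """Double opt-in signup: an address joins the list only after its owner
    presents the confirmation token, and confirmation emails are throttled so
    a third party cannot make the service flood someone's inbox (or run up
    the outbound-mail bill) by resubmitting the form."""

    def __init__(self, send_email):
        self.send_email = send_email        # callback: (email, token) -> None
        self.members = set()                # confirmed addresses
        self.pending = {}                   # token -> email awaiting confirmation
        self.last_sent = {}                 # email -> time of last confirmation mail
        self.ip_hits = defaultdict(deque)   # ip -> timestamps of recent submissions

    def submit(self, email, ip, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()
        # Per-IP sliding window: bounds how many sends one client can trigger.
        hits = self.ip_hits[ip]
        while hits and now - hits[0] > IP_WINDOW_S:
            hits.popleft()
        if len(hits) >= IP_LIMIT:
            return "rate_limited"
        hits.append(now)
        if email in self.members:
            return "already_member"         # nothing to send
        # Per-address cooldown: re-entering the same address does not
        # produce one confirmation email per request.
        if now - self.last_sent.get(email, -float("inf")) < RESEND_COOLDOWN_S:
            return "throttled"
        token = secrets.token_urlsafe(32)
        self.pending[token] = email
        self.last_sent[email] = now
        self.send_email(email, token)
        return "confirmation_sent"

    def confirm(self, token):
        # Only the inbox owner can present the token, so this is the consent step.
        email = self.pending.pop(token, None)
        if email is None:
            return False
        self.members.add(email)
        return True
```

With this in place, a request that merely names someone else’s address results in at most one confirmation email per cooldown period and never in a list entry.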
The Role of CloudFront and Amazon
You might wonder how CloudFront and Amazon are involved in this. Here’s the explanation:
By using tools like a browser’s debug console or Burp Suite, we can observe requests and responses from the server. Here’s what I found:
Transport-Security: max-age=31536000; includeSubDomains
Vary: Cookie
Via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: dX0a5S59w1rro45VsIT8NMQQV9DMUtLIk4GSqewN0requqN2W7AMJQ=
X-Frame-Options: SAMEORIGIN
The email headers show that the emails are sent via Amazon SES, a paid service:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
Received: from a27–248.smtp-out.us-west-2.amazonses.com (54.240.27.248)
An attacker can exploit this by sending a large number of emails to the victim, increasing Ericsson’s bill for unnecessary emails (a Billing DDoS attack). This vulnerability has a 97% likelihood of being exploited for a Billing DDoS attack.
