Report #34720

Report Date
August 21, 2024
Status
Closed
Payout

Content spoofing at https://basin.exchange/

Report Info

Report ID

#34720

Report type

Websites and Applications

Has PoC?

Yes

Target

https://basin.exchange

Impacts

Persistent content spoofing / text injection issues

Description

Content spoofing, also referred to as content injection, “arbitrary text injection” or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application.

Vulnerability Details

When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain.

Impact Details

This attack is typically used as, or in conjunction with, social engineering because the attack is exploiting a code-based vulnerability and a user's trust.

References

https://owasp.org/www-community/attacks/Content_Spoofing

Proof of concept

Open this link using the Chrome browser and wait about 5-7 seconds:

https://basin.exchange/?utm-source=immunefi#/wells/--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------MAINTENANCE%20please%20go%20to%20https%3A%2F%2Fevilbasin.exchange-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Immunefi Response

Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.

Immunefi review:

  • The claimed impact "Persistent content spoofing / text injection issues" by the whitehat is in scope of the bug bounty program, but the assessed impact doesn't match the claimed impact for the following reasons:
    • The PoC does not demonstrate persistent injection and requires social engineering.
  • The asset assessed by the triage team is in scope for the bug bounty program.
  • The PoC has been submitted to the project.
  • Technical Review:
    • The PoC does not demonstrate persistent injection.

Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.
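
The reflected route segment described under Vulnerability Details can be closed off by validating it against an allow-list before anything is rendered. The following JavaScript is an added example, not code from the report, Immunefi or the Basin project; it assumes the segment after `#/wells/` is meant to be a 20-byte hex contract address, and the function names and the "Well not found." message are hypothetical.

```javascript
// Added example: allow-list validation of a hash-route segment before display.
// Assumption: the value after "#/wells/" should be a 0x-prefixed, 40-hex-digit address.
const ROUTE_PREFIX = "#/wells/";
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Return the decoded first path segment after "#/wells/", or null if absent/malformed.
function wellSegment(hash) {
  if (typeof hash !== "string" || !hash.startsWith(ROUTE_PREFIX)) return null;
  const raw = hash.slice(ROUTE_PREFIX.length).split(/[/?]/)[0];
  try {
    return decodeURIComponent(raw);
  } catch {
    return null; // malformed percent-encoding is treated as invalid
  }
}

// Decide what the view may show. A rejected value is never echoed back:
// the caller gets a fixed message instead of the attacker-controlled text.
function resolveWellRoute(hash) {
  const segment = wellSegment(hash);
  if (segment !== null && ADDRESS_RE.test(segment)) {
    return { ok: true, address: segment.toLowerCase(), message: null };
  }
  return { ok: false, address: null, message: "Well not found." };
}

// Constructed sample fragments (the second is a shortened form of the report's PoC).
const SAMPLE_ADDRESS = "0x" + "Ab".repeat(20);
const samples = [
  ROUTE_PREFIX + SAMPLE_ADDRESS,
  ROUTE_PREFIX + "----MAINTENANCE%20please%20go%20to%20https%3A%2F%2Fevilbasin.exchange----",
  ROUTE_PREFIX + "%E0%A4%A",        // broken percent-encoding
  ROUTE_PREFIX + SAMPLE_ADDRESS + "0", // one character too long
];

for (const hash of samples) {
  const result = resolveWellRoute(hash);
  console.log(result.ok ? `render well ${result.address}` : result.message);
}
```

Rendering any displayed value through the framework's text binding rather than as HTML remains necessary; the allow-list only ensures that free-form text never reaches the page in the first place.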