Hello Dev peeps,
I was on Facebook, scrolling on my News Feed and I came across an Ads regarding an online music web application that was just released. So I decided to visit the website and explored it. There were some free tracks & some premium tracks.
While exploring, something came across my mind, "Is this site really secured ?". This is where my journey started..
A journey of a thousand miles begins with a single step
I did not know exactly how to proceed but the first step was to examine the website through Google Chrome - DevTools.
So I click on a random premium song to see what is going on in the Network tab in the DevTools.
When clicking on the play icon, I was checking the Network and I found 2 interesting URL,
- get-song-info?hash_id=40f65e3dad2b5d1....
- get-track.php?id=I6OTPf15O79FuKg&hash=b28ee5...
Eventually I clicked on both URL, The first one redirect me to a JSON formatted webpage where all the data of the particular song were displayed.
Whereas the second URL show only Access denied
After spending sometime analyzing the situation, I said let's figure out a way to download one premium song without buying it.
My guess was that the Music App Developer use a call to action that trigger a PHP script via an API, when a user click the play icon and this script was returning a "content-type: audio/mpeg".
In other words, the URL that was showing Access denied web page cannot be called directly by copying & pasting the URL in your web browser. It should be called by an API.
I used API TESTER to simulate the test and as expected..
I noticed that in the Network tab in the DevTools, there were other parameters sent as Request Header.
After many trials and errors, I was able to simulate it by adding some of those Request Header
And 💥, I got the Response.. BUT in an unexpected format 😖
But it was not a big deal, I clicked on the eye icon on top-right and the premium song open in another tab in my browser and I was able to listen to it freely without having to buy it.
For your info, I got into contact with the Owner of the Online Music Application to report the issue. I don't know if they fixed it yet
Top comments (1)
Wow, congrats on diving into web penetration testing! It's essential to stay updated with Penetration Testing Companies for insights and best practices. Your journey will surely make a significant impact in the cybersecurity landscape. Keep it up! 💻🛡️