Overview
In a recent security assessment, TwinTech Solutions uncovered a critical vulnerability in a major Indian insurance provider’s web application. This flaw exposed sensitive customer data—including PAN numbers, policy details, and registration information—through a publicly accessible feedback form. The discovery underscores the importance of proactive security practices and the power of simple reconnaissance techniques.
Discovery Through Google Dorking
The vulnerability was identified during the reconnaissance phase using a technique known as Google Dorking. By crafting a specific search query:
inurl:"/sms"
our team discovered an endpoint resembling:
www.xxxxxxxxxxxx.com/en/surveyApp/viewSurvey/1000000/SMS
This URL led to a feedback form where users could submit their experiences. However, it also inadvertently exposed sensitive customer data such as:
– Customer Name
– Policy Number
– PAN Card Number
– Registration Number
The Vulnerability: Insecure Direct Object Reference (IDOR)
The application failed to implement proper authentication or session validation. By simply modifying the numeric ID in the URL (e.g., changing `1000000` to `1000001`, `1000002`, etc.), anyone could access other users’ feedback forms. This is a textbook example of an IDOR vulnerability, allowing unauthorized access to private data.
Even more concerning, malicious actors could submit fake feedback on behalf of customers, potentially manipulating internal systems or customer records.
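One way to close the IDOR described above, shown beside the vulnerable pattern, is to bind each SMS link to its survey ID with a server-side MAC and an expiry. This is an added example, not the insurer's code or the patch that was deployed; the key, link lifetime, query parameter names (`exp`, `sig`) and sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

# Assumptions (not from the article): key, lifetime and record layout.
LINK_KEY = b"constructed-demo-key"   # in practice, load from a secrets manager
LINK_TTL = 7 * 24 * 3600             # assumed link lifetime in seconds

# Constructed sample records standing in for the survey store.
SURVEYS = {
    1000000: {"customer": "Customer A", "policy_no": "POLICY-A"},
    1000001: {"customer": "Customer B", "policy_no": "POLICY-B"},
}

def view_survey_vulnerable(survey_id):
    """Pattern the article describes: the ID in the URL is the only check."""
    return SURVEYS.get(survey_id)

def sign_link(survey_id, expires):
    """MAC over the ID and expiry, so neither can be changed by the client."""
    msg = f"{survey_id}:{expires}".encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(survey_id, now=None):
    """Called when the SMS is sent; returns (expires, sig) for the link."""
    issued = int(time.time() if now is None else now)
    expires = issued + LINK_TTL
    return expires, sign_link(survey_id, expires)

def link_path(survey_id, expires, sig):
    """Path placed in the SMS (query parameter names are hypothetical)."""
    return f"/en/surveyApp/viewSurvey/{survey_id}/SMS?exp={expires}&sig={sig}"

def view_survey_hardened(survey_id, expires, sig, now=None):
    """Serve the record only for an unexpired link whose MAC matches this ID."""
    now = int(time.time() if now is None else now)
    expected = sign_link(survey_id, expires).encode()
    if not hmac.compare_digest(expected, str(sig).encode()):
        return None   # ID or expiry was altered, or the signature is missing
    if now > int(expires):
        return None   # link is past its lifetime
    return SURVEYS.get(survey_id)
```

Even with a valid link, the form should render only the fields the feedback flow needs, so that a forwarded or leaked SMS does not disclose policy or PAN details.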
Escalating the Impact
Initially, the vulnerability seemed limited to feedback manipulation. However, our team recognized a deeper risk: the feedback forms contained authentication-relevant data such as policy numbers and PAN details.
Some login functions on the site required only a policy number and registration date. By automating data extraction from these forms, we were able to collect more than 10,000 sensitive records—a treasure trove for potential attackers.
Responsible Disclosure and Remediation
Upon confirming the severity of the issue, TwinTech Solutions immediately reported the vulnerability to CERT-IN. The response was swift and professional. The issue was acknowledged as critical, and a patch was deployed promptly to secure the endpoint and prevent further data exposure.
Conclusion
This case highlights the importance of thorough security testing and the value of thinking like an attacker. At TwinTech Solutions, we pride ourselves on our proactive approach and technical depth. By leveraging advanced techniques and automation, we help organizations stay one step ahead of cyber threats.
Security isn’t just about tools—it’s about mindset.

