Hacking one of the biggest Japanese car company in the world and buying any car for 0$-$50

Hello everyone, I hope you are having fun with everything you engage with in this earthly life but remember always be at peace with the universal energies filled in this world.

This is my first write up on medium and I’m going to share some interesting findings in the area of Cyber Security which blew my mind and I call it URI|URL handling which are caused by mishandling of some in dept. parameters.

Don’t worry if you are not in the field of Cyber Security I’ll break this down to the lowest form for anyone to understand its concepts.

Firstly, we must look at URL|URI programming and how it birthed this vulnerability.

Using this diagram below I will quickly explain the basic idea revolving around the concept of URL|URI programming.

URL TRANSPORTATION REQUEST & RESPONSE FORMAT

Looking closely at (1) we realized that you asked the web server for a certain resource something like following the canonical >> http|https://host:port/path/file.

http|https://greyhatcybersolutions.000webhostapp.com:8080|443 (test example)

Looking at (2) we realized that our requests has transcended using the GET request format which moves towards the server.

At (3) the server looks for the requested file from the browser using some certain mechanics.

If the file is REQUESTED is found then:

At (4) the server sends back the requested file to the browser thus At(5) the browser renders the information gotten for the user.

The mechanism above gave rise to the bug which affected the URI drastically and which i used to MISHANDLE AN INVOICE FOR A BIG CAR COMPANY FROM JAPAN(Yeah!! i know what you are thinking.

I love Ethical hacking|Cyber Security a lot and love to stay in my boundaries remember this is for educational purposes only.)

Lets get straight into action , tools needed for the exploit are:

(1) Browser

(2) Brain (Working one filled with good vibrations)

DEFAULT PARAMETER

After looking closely at that parameter considering the fact that there were constant use of the ampersand (&) So I invoked the encoding features of the URI|URL by changing it from UTF-8 to a completely masked character showing in some other language different from what is being sanitized across the server.

To understand the full concept of character encoding you can check here

After the complete handling I found some interesting stuffs which blew my mind.

This was the information gotten from at initial stage of the attack when the encoded values of most parameters has not transcended past the filters.

After the values has been mishandled it resulted to the server sending an altered response that does not correspond to its initials.

The hacker only makes a gross payment of dollars based on its warranty the problem here is most attacks can translate themselves into more devastating attacks of the hacker is very creative.

Thank you for reading you can relate with me on this platforms.

https://t.me/ETHICALHACKERSC LEGEND(L0g1c) |

greyhatcybersolutions@gmail.com |

https://twitter.com/0x10010A

Greetings to all members of the SHADOW PYRATICAS BROAD.

REMEMBER: Light needs darkness to shine.

--

--

--

I'm deeply in love with cyber security and its related components and always look forward to learning new things for its ever dynamic

Recommended from Medium

microsoft authenticator app bypass time-based stop otp refreshing

Absolutely Secure Platform — Bityard

Tryhackme:HeartBleed

{UPDATE} Allá de los sueños para los niños 2. premium Hack Free Resources Generator

Email Spoofing and the savior — DMARC

A Sample email part of the COVID campaign published by Sophos

UTC Tuesday November 16, 2021 | The Lunacian Daily — Axie Infinity News

A Kleros Curate Mini-Story

Stalker Software: How Can You Catch Spy Software On Your Phone?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Abdul kabir

Abdul kabir

I'm deeply in love with cyber security and its related components and always look forward to learning new things for its ever dynamic

More from Medium

Security Advisory: SonicWall Authentication Vulnerability

How to protect yourself from Hackers?

Wicked6 Cyber Games 2022 | Winja CTF Writeup

Log4J / CVE-2021–44228