Vulnerabilities

Threat Actor Exposes Multiple Vulnerabilities in FBI Online Portal

A hacker has shared multiple vulnerabilities present in the FBI's online portal on a dark web crime forum.

Marco Rizal
By Marco Rizal - Editor, Journalist 4 Min Read
Threat Actor Exposes Multiple Vulnerabilities in FBI Online Portal

According to the claims, a threat actor named Hex0rb has apparently discovered a number of vulnerabilities in the FBI's online portal.

This information was shared on a dark web cybercrime forum called BreachForums, which is notorious for attracting cybercriminals. Despite the FBI's efforts to shut it down, the forum quickly resurfaced.

It is possible that the threat actor did not directly disclose the information to the organization, indicating that they may have shared it on a crime forum for others to exploit.

image 6
Threat actor's post on BreachForums

Hex0rb found multiple vulnerabilities, such as Command Injection, Cross-Site Request Forgery (CSRF), Server-Side Template Injection (SSTI), HTTP Parameter Pollution, Clickjacking, Sensitive Data Exposure, HTTP Response Splitting, HTTP Smuggling, Web Cache Deception, HTTP Desync, SSI Injection, and HTTP Method Override.

Here are the following vulnerabilities found:

  • Command Injection: Allows attackers to execute arbitrary commands on the host operating system through a vulnerable application.
  • Cross-Site Request Forgery (CSRF): Tricks a user into performing actions on a web application without their consent.
  • Server-Side Template Injection (SSTI): Permits attackers to inject malicious code into server-side templates, potentially leading to remote code execution.
  • HTTP Parameter Pollution: Manipulates or interferes with web application logic by sending multiple HTTP parameters with the same name.
  • Clickjacking: Deceives users into clicking on something different from what they perceive, potentially revealing confidential information or allowing unauthorized actions.
  • Sensitive Data Exposure: Leaks sensitive information like passwords or credit card details due to inadequate data protection.
  • HTTP Response Splitting: Allows attackers to inject additional HTTP headers or split responses, leading to security issues like cache poisoning and cross-site scripting (XSS).
  • HTTP Smuggling: Manipulates how a web server processes HTTP requests, causing security controls to be bypassed.
  • Web Cache Deception: Tricks web caches into storing sensitive information, making it accessible to unauthorized users.
  • HTTP Desync: Causes misinterpretation of HTTP request boundaries, leading to security vulnerabilities like information disclosure.
  • SSI Injection: Injects server-side directives into HTML files, allowing execution of commands or inclusion of files on the server.
  • HTTP Method Override: Alters the HTTP method used by an application, potentially bypassing security mechanisms.

Hex0rb shared a text file that clearly outlines the strengths and weaknesses of the FBI portal, emphasizing the areas where the portal may be vulnerable to attacks.

As an illustration, the file clearly identified Command Injection and CSRF as vulnerabilities, while stating that Local File Inclusion (LFI) and Remote File Inclusion (RFI) were not.

Vulnerabilities Disclosed by Hacker
Vulnerabilities disclosed by hacker

The hacker also noted that these vulnerabilities were used to acquire an AES-encrypted file from the FBI's portal.

Hex0rb confirmed that they had successfully executed the commands when asked about their actions with these vulnerabilities. This confirmation was revealed when they leaked the AES-encrypted file that they obtained from the FBI portal.

A cybersecurity researcher, who provided their perspective, expressed doubt regarding any attempts to exploit these vulnerabilities.

“Even with the amount of vulnerability there is to it, nobody in their right mind would dare attack the FBI portal website. They do not want to be on the wanted list nor be targeted by one of the most feared organizations in the United States, just for clout.”

Hex0rb has a track record of focusing on prominent organizations. This threat actor has also been known to scrape data from FBI and CIA servers and share encrypted AES files obtained from these agencies.

More Stories

Major Security Flaws Found in Widely-Used Discourse Forum

Newly Discovered Vulnerability Poses Risk to Millions of Online Stores

Critical Docker Vulnerability Could Grant Hackers Full Access

Fortinet’s FortiManager Zero-Day Flaw News Spreads Faster Than Their Fix

Leave a comment

Latest stories