About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Help Scout - Mass assignment vulnerability on inbox settings - 1500

SynacktivPosted 1 Year Ago
  • Help Scout is a shared inbox, help center and live chat software to manage customer communications. Among other things, emails can be sent to customers from external email addresses proxied through Help Scout.
  • To add an email to a shared inbox, a verification code is sent to the email to ensure that you have control over it. Once this has been verified, emails can be sent through the email address.
  • This is a two step process: the setting and verification. When retrieving the information on response, the authors noticed the field emailIsConfirmed. By setting this value in the JSON of the setting request, the email will be verified. This is commonly referred to as a mass assignment vulnerability but isn't super common.
  • Since the email is going through Help Scout and it has verified the proxied email, the SPF and DKIM verification will pass. This allows for the spoofing of an arbitrary sender with domain verification on Help Scout. Wordpress, pypi, mailchip and digital ocean are big targets that use the platform. Overall, a good post that is straight to the point.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed