A momcom exploit for the popular momcom app (www.momscom.com) has been discovered, leading to a few more vulnerabilities that have been exploited in the wild.
The vulnerability was first reported on July 1, 2018, by a user of the blog Mother of the Blogger, which was published by a parent company of the momcom.
The blog post was shared on July 12, 2018 by a hacker who goes by the handle “Pawyawy”.
He wrote that he discovered the vulnerability on July 2, 2018.
The momcom vulnerability was patched in August 2018, according to the vulnerability bulletin from Mother of the Blogger.
A mothercom exploit requires that a user send a specially crafted HTTP request to the mothercom server, with the following headers:
Connection: Keep-Alive
Host: mumcom.tumblr.com
Server: mum.tumblr[…]
This request should be processed by the mumcom server with the same privileges as the hostname being passed to the request.
If the request does not succeed, the mother com server will send an HTTP response back to the user.
The response should contain the content of the request, with an error code of 302 or 401, depending on the error codes of the mothernet servers.
Pawyr told Mother of Blogger that he found the exploit on July 10, 2018 on the blog, which has since been taken down.
“This is a bug in the mothernets, not momcom,” he wrote.
“It’s a great way to test a vulnerability, because if someone finds this, they can use it to find bugs and exploits in the momnet.”
In this image, you can see the error message of the HTTP response that was sent back to a user on July 11, 2018 that contained the Content-Type header of the response that came back with the response code 302 or 404.
Paws wrote that his momcom blog post also contained a link to a Pastebin post containing instructions on how to exploit this vulnerability.
He said he found this post and shared it on his blog because he was worried that other parents were also using the mom com exploit.
“I’m not sure how widespread it is, but it seems to be a fairly common problem that we have seen many times before,” he said.
“If I see this happen more often, it’s not surprising that I find the mom net more often.”
In addition to this momcom, there are also a few other momnet vulnerabilities that are not related to momcom: