How to hack Clubhouse.
The flaw that I discovered here is actually quite elementary, and it was one of the interesting discoveries that I made while working with the Clubhouse team. However, the impact of the vulnerability itself is what makes this situation particularly interesting.
I felt compelled to write about this topic for a few reasons: first, to set the record straight, as a lot of people have been inquiring as to what became of my followers; second, to contribute some new information to the community; and third, to repay the community for the amount of entertainment I had while looking for it.
I found a lot of people talking about the app and how cool it was when I first heard about Clubhouse back in January. As a result, I decided to join and see how I could gain some knowledge and possibly assist others. As a naturally inquisitive person (and like any other hacker), I made the decision to investigate the application’s inner workings in order to better understand how it performed its functions. I went out and purchased a second iPhone specifically for the purpose of accomplishing this.
I was initially successful in locating a bug referred to as a persistent session token, which means that the session token does not change even if you login on a different device; however, this flaw was not nearly as interesting as the vulnerability referred to as unlimited followers that followed it.
I noticed that the application makes a specific call to the endpoint /api/follow multiple, which permits a user to follow multiple Clubhouse users. This allows the user to sort of curate the kind of room he will have access to after the onboarding process has been completed.
I thought it would be interesting to experiment with the request by changing it so that instead of passing multiple user ids to the /api/follow multiple api, I only passed a single user id and saw what happened.
It struck me as odd when I noticed that the user id that was passed was immediately followed the number of times it appeared in the array list.
[Screenshots: prior to executing the request; following the execution of the request]
[Screenshot: after putting the request through its paces a few times]
It is worth noting, however, that earlier on I attempted to follow a single user by calling the /api/follow endpoint, which is called when you try to follow a single user, but it was unsuccessful. This is an interesting fact.
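The difference between the two endpoints can be modelled server-side, as an added example that is not Clubhouse's code or code from the original post: a bulk-follow handler that counts every array entry, beside one that de-duplicates the input and reuses the single-follow check, plus an audit that flags counters that disagree with the real follow relationships. The class and method names, the counter-based storage and the batch limit are all assumptions made for illustration.

```python
# Added example: constructed in-memory model, hypothetical names throughout.
from collections import defaultdict


class FollowStore:
    def __init__(self):
        self.edges = set()  # unique (follower_id, target_id) pairs
        self.follower_count = defaultdict(int)  # denormalised counter (assumed)

    def follow(self, follower, target):
        """Single follow: idempotent, the edge is checked before counting."""
        if (follower, target) in self.edges:
            return False
        self.edges.add((follower, target))
        self.follower_count[target] += 1
        return True

    def follow_multiple_vulnerable(self, follower, targets):
        """Bulk follow with the flaw: every array entry bumps the counter."""
        for target in targets:
            self.edges.add((follower, target))
            self.follower_count[target] += 1  # no duplicate check

    def follow_multiple_hardened(self, follower, targets, max_batch=50):
        """Bulk follow that de-duplicates and reuses the single-follow check."""
        if len(targets) > max_batch:  # assumed limit, not from the post
            raise ValueError("batch too large")
        return sum(self.follow(follower, t) for t in dict.fromkeys(targets))

    def audit(self):
        """Return {target: (counter, real_edges)} where the two disagree."""
        real = defaultdict(int)
        for _, target in self.edges:
            real[target] += 1
        return {t: (c, real[t]) for t, c in self.follower_count.items()
                if c != real[t]}


def demo():
    bad = FollowStore()
    bad.follow_multiple_vulnerable(1, [42] * 5)  # one id repeated five times
    good = FollowStore()
    added = good.follow_multiple_hardened(1, [42] * 5 + [7])
    return bad.audit(), added, good.follower_count[42], good.audit()


if __name__ == "__main__":
    print(demo())
```

Enforcing uniqueness on the (follower, target) pair at the storage layer gives the same guarantee even if a new endpoint forgets the check, and the audit is the kind of reconciliation that would identify accounts needing a follower reset.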
This was the last time I communicated with the Clubhouse team, and after this, I sent a number of emails requesting confirmation that my report had been received; however, I did not receive any response. After three weeks, I noticed that the vulnerability had been partially fixed and could no longer be reproduced. However, I still had the invalid followers that I had given myself (didn’t expect to have the followers for that long). I further emailed the team, but I did not receive a response.
Finally, in the month of May, the Clubhouse team performed a reset of the followers, which resulted in the invalid followers being removed from both my account and the accounts of any other users who had the same type of invalid followers.
Note that not many people are aware that clubhouse.com, like many other businesses, runs a bug bounty program on HackerOne and also accepts submissions through email (even though they might reply late or not at all).
As we’ve seen in this article, a developer can make an incorrect assumption, so as a piece of advice for researchers, if you try an approach and it doesn’t work with an API endpoint, that doesn’t necessarily mean it wouldn’t work with another API endpoint within the same application. I hope you enjoyed your read, and I hope to see you in my next post. Thank you so much for reading, and finally.