In 2022, OpenSea had more than 1 million members who had registered and more than 121 million people visited the website each month. Because of this, OpenSea is not only the biggest NFT market but also a highly attractive target for cybercriminals. Any platform flaw could present a chance for criminal activity and result in catastrophe for gullible consumers.
The cross-site search vulnerability, which a hacker can use to gain user identities, was made possible by a misconfiguration.
According to the report, OpenSea has subsequently issued a patch to address the problem. In order to reduce the possibility of additional exploitation, the patch limits cross-origin communication. The vulnerability no longer exists, according to the cyber security company’s analysis of the remedy.
Web applications which use query-based search systems are vulnerable to cross-site search. By submitting queries and looking for variations in the search system’s behavior when it returns or doesn’t, it enables an attacker to retrieve sensitive data from another origin.
After confirming that the fundamental exploit strategies were effective, researchers started looking at OpenSea’s search feature. ElasticSearch was referenced by the company in one of their job listings, therefore this is probably the engine they utilize for their search function.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: