Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrBauh0lz3ADEF66F-FC86-4E6D-A540-2FFA59342FF0
HistoryJan 04, 2023 - 1:28 p.m.

IDOR allowing to see other users' entries

2023-01-0413:28:07
bauh0lz
www.huntr.dev
8
idor vulnerability
export functionality
user entries
bug bounty

0.001 Low

EPSS

Percentile

23.5%

JSON

Description

The exporting entry functionality is vulnerable to an IDOR attack.

Proof of Concept

  1. Create a new entry as an existing user. Let’s say the entry’s id is 1.
  2. Create a new user and login as them.
  3. Go to http://localhost:8000/export/1.txt.

Related

osv 2
veracode 1
cvelist 1
cve 1
prion 1
nvd 1
github 1
cnvd 1
osv
osv
wallabag contains Improper Authorization via export feature
2023-02-02 19:26:44
CVE-2023-0609
2023-02-01 12:15:09
veracode
veracode
Improper Authorization
2023-02-02 06:50:17
cvelist
cvelist
CVE-2023-0609 Improper Authorization in wallabag/wallabag
2023-02-01 00:00:00
cve
cve
CVE-2023-0609
2023-02-01 12:15:09
prion
prion
Authorization
2023-02-01 12:15:00
nvd
nvd
CVE-2023-0609
2023-02-01 12:15:09
github
github
wallabag contains Improper Authorization via export feature
2023-02-02 19:26:44
cnvd
cnvd
wallabag authorization issue vulnerability
2023-02-09 00:00:00

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for 3ADEF66F-FC86-4E6D-A540-2FFA59342FF0
osv2veracode1cvelist1cve1prion1nvd1github1cnvd1