Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrLujiefsi6644B36E-603D-4DBE-8EE2-5DF8B8FB2E22
HistoryMay 13, 2023 - 2:07 p.m.

IDOR 漏洞使得攻击者可以在一个组织内任意添加、删除、修改工作空间

2023-05-1314:07:28
lujiefsi
www.huntr.dev
14
idor vulnerability
attack scenario
organizational workspace.

0.001 Low

EPSS

Percentile

34.7%

JSON

Proof of Concept

1 系统中存在两个组织,team1和team2
2 用户user1是 team1 的管理员, 不是team2的管理员
3 用户1在team1中创建工作空间,名为workspace1.
4 用户1使用burpsuit拦截请求,在请求中将team1的ID换成team2的ID
5 查看请求,结果显示成功,用户1可以在team2中任意创建工作空间。

复现视频:https://1drv.ms/v/s!Avwg5C1eKVA4gispbgvOYQkvQ9KP?e=4yimBo

Related

cve 1
nvd 1
prion 1
osv 1
cvelist 1
cve
cve
CVE-2023-2844
2023-05-23 04:15:09
nvd
nvd
CVE-2023-2844
2023-05-23 04:15:09
prion
prion
Authorization
2023-05-23 04:15:00
osv
osv
CVE-2023-2844
2023-05-23 04:15:09
cvelist
cvelist
CVE-2023-2844 Authorization Bypass Through User-Controlled Key in cloudexplorer-dev/cloudexplorer-lite
2023-05-23 00:00:00

0.001 Low

EPSS

Percentile

34.7%

JSON
Related for 6644B36E-603D-4DBE-8EE2-5DF8B8FB2E22
cve1nvd1prion1osv1cvelist1