Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Page2Flip 2.5 Missing Access Control

🗓️ 25 Aug 2015 00:00:00Reported by Dr. Erlijn van GenuchtenType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Page2Flip 2.5 Missing Access Control identified by SySS GmbH, allows low privilege user to access admin functionality via URLs, impacting user privacy and system security

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512  
  
Advisory ID: SYSS-2015-033  
Product: Page2Flip  
Vendor: w!ssenswerft GmbH  
Affected Version(s): Premium App 2.5, probably also in Business App   
and Basic App, and in lower versions  
Tested Version(s): Premium App 2.5  
Vulnerability Type: Missing Function Level Access Control (CWE-935)  
Risk Level: High  
Solution Status: Open  
Vendor Notification: 2015-06-29  
Solution Date:   
Public Disclosure:   
CVE Reference: Not yet assigned  
Author of Advisory: Dr. Erlijn van Genuchten (SySS GmbH)  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Overview:  
  
With the Page2Flip Web application, it is possible to create e-papers in  
PDF format that can be flicked through digitally. Such e-papers can be  
used for magazines, catalogues, flyers, etc. (see [1]).  
  
The Page2Flip app allows users to access functionality that should only   
be available for administrative users.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Vulnerability Details:  
  
The SySS GmbH identified that it is possible for a user with low   
privileges, to access functionality that should only be accessible by   
administrators, by directly entering the URL.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Proof of Concept (PoC):  
  
For example, by accessing the URL https://[host]/settings/users, all   
user names and e-mail addresses can be accessed. Also, by accessing the   
URL https://[host]/settings/extended, it is possible to perform the same   
actions as high privileged users are able to perform.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Solution:  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Disclosure Timeline:  
  
2015-06-23: Vulnerability discovered  
2013-06-29: Vulnerability reported to vendor  
2015-07-07: Reported vulnerabilities again as the vendor did not respond   
to the first e-mail  
2015-07-14: Reminder sent concerning reported vulnerabilities  
2015-08-24: Public release of security advisory according to the SySS  
Responsible Disclosure Policy  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
References:  
  
[1] Page2Flip homepage  
http://page2flip.de/  
[2] SySS Responsible Disclosure Policy  
https://www.syss.de/en/news/responsible-disclosure-policy/  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Credits:  
  
Security vulnerability found by Responsible Hacker of the SySS GmbH.  
  
E-Mail: [email protected]  
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Erlijn_vanGenuchten.asc  
Key ID: 0xBD96FF2A  
Key Fingerprint: 17BB 4CED 755A CBB3 2D47 C563 0CA5 8637 BD96 FF2A  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Disclaimer:  
  
The information provided in this security advisory is provided "as is"   
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web  
site.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Copyright:  
  
Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1  
  
iQIcBAEBCgAGBQJV2x2wAAoJEAylhje9lv8qwtUP/jFVxKdjZ4xWHKiB2wJNIyN2  
cbJT29BAYGZjcKCtnJm8B6yfRjAN74RWnuD/2j/MUeUTLylOYYdwU8s5Jgne+qKA  
+qdZEHZ60mdxV+09CxGt6FKIvpWXflC7HBK02hrn6ipjmXLjVkXTWtg0pXUZ4Uq7  
TjwC8sjUKhEHgIIlI531e4BXaXFcHm5oVq+byKnxWI9zyYLXL67TDxbDO//c4aGd  
Wy3jRurTtBx/Ugj8/8sVJ/oIs9MSHolMIKyRhUNDHf1AumgZWDwjFe1lhEPOELAo  
qVyUl+q1+52Mk9r8ij0fquTVdZlBg4mlIvnk6cSw83swtSkzmN2L8KdCUZfJHYdW  
FcfuUt2iS/ZbYXrv7sYeuVrvfCjvwblFOVakkZtf4VMwiww5Qbg0n6sKGMhRlE6F  
zVRjjizEgm4LEy8a1wQTm3M5jaWKnGlb32hHvD1NxDOYl+XjKDY/hye58XufTDf9  
/HQyrTpw3YxLe19HODftVqWcDNi6TXmUC2D4d1xhE9dpRo06EwmUx8yGBxQo5Rtd  
hG5xG5C+aMbRqKMk451cEW5bfFMOjss/Ij4AL4SQVegs5QHmtgPpXv6BoARpJOKm  
w92aazYWGJiIAa6aaSwnTInyuStCwXz3m+HCEWpLuG97Aejh1rlSxdEyMU+NKBLK  
PzFMYcFUHie0XHRR/PPv  
=bzNQ  
-----END PGP SIGNATURE-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Aug 2015 00:00Current
0.7Low risk
Vulners AI Score0.7
page2flip; missing access control; syss gmbh; low privileges; admin functionality; user privacy; system security
25