2018 matches found
Veris: Critical IDOR - Delete any rule of any organization remotely
Hello Team, I have found a critical IDOR issue which escalates a user privilege and allows and attacker to delete any rule of any organization remotely through his own account by just changing the rule id in DELETE Request. This is again similar to previously reported critical IDORs to delete a...
Veris: Critical IDOR - Delete any venue of any organization remotely
Hello Team, I have found a critical IDOR issue which escalates a user privilege and allows and attacker to delete any venue of any organization remotely through his own account by just changing the venue id in DELETE Request. This is again similar to previously reported critical IDORs to delete a...
Veris: Critical IDOR - Delete any group of any organization remotely
Hello Team, I have found a critical IDOR for deleting any groups of any organization remotely. It means an attacker can easily delete any group of any organization from his account by just chaning the groupid in delete request. This is similar to previously reported IDOR to delete any members. So...
Veris: Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely
Hello Team, I have found an extremely critical issue with the help of which an attacker can delete any member of any organization. The vulnerability is Insecure Direct Object ReferenceIDOR which leads to privilege escalation as an attacker can perform such a critical attack from his own account...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...
Chamilo LMS IDOR - 'messageId' Delete POST Injection
Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability...
Chamilo LMS IDOR - (messageId) Delete POST Injection
Exploit for php platform in category web applications Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Product & Service Introduction: =============================== Chamilo is an open-source under...
X (Formerly Twitter): Urgent : Unauthorised Access to Media content of all Direct messages and protected tweets(Indirect object reference)
Hi Team, You can tweet from your ad account while creating a campaign.When you add a media content from your computer and upload it there is a Json request which gives you the link of your mediaPhotos to preview before Tweeting.This link is Vulnerable to IDOR Attack and it leads to disclose all t...
X (Formerly Twitter): IDOR- Activate Mopub on different organizations- steal api token- Fabric.io
Hello, There is an option to enroll your organization in fabric.io for mopub , but this particular end point is missing proper authorization checks allowing any user to steal API tokens. Vulnerable request ================ POST /api/v3/organizations/5460d2394b793294df01104a/mopub/activate HTTP/1....
Automattic: WooCommerce: Support Ticket indirect object reference
Hi there's no protection against Idor, so i can comment on anyone's Ticket. Reproduce Issue: 1.Go Here: https://www.woothemes.com/my-account/tickets/ 2.Create a new Ticket suppose ticked id is : 340529 Comment something on 340529 Ticket, and capture that request In Burp suite. here's the request:...
Job Manager <= 0.7.25 - Insecure Direct Object Reference (IDOR)
It is possible to enumerate the CV filename that is uploaded on the server and then access the CV file by performing a bruteforce attack to the wordpress upload directory structure...
Shopify: IDOR expire other user sessions
Hi here attacker able to expire other user session just changing the request Steps: 1. Login as Attacker 2. Go to account settings 3. Click on expire all session and capture request 4. replace account id with victim and forward 5. victim account logged out request POST...
Airbnb: Generating Unlimited Free Travel Gift Invites | IDOR
After registration you can invite your friends to get some offer on there first trip. Notice that this system is flawed and attacker can generate as many invites he wants without going through the system at all. Original Invite link:...
Vimeo: Vimeo.com Insecure Direct Object References Reset Password
Hello, my name is Toufik Airane. This is Responsible Disclosure and Silent Disclosure. Thanks you to opened bug bounty program! Please find a proof of concept for IDOR attack on famous vimeo.com. With this IDOR, attacker can reset any password, of any account and take controle of it. Please, find...
Facebook BB #18 - IDOR Issue & Privacy Vulnerability
Document Title: =============== Facebook BB 18 - IDOR Issue & Privacy Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1371 Facebook Security ID: 219208937 Release Date: ============= 2014-12-12 Vulnerability Laboratory ID VL-ID:...
Facebook BB #18 - IDOR Issue & Privacy Vulnerability
Document Title: =============== Facebook BB 18 - IDOR Issue & Privacy Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1371 Facebook Security ID: 219208937 Release Date: ============= 2014-12-12 Vulnerability Laboratory ID VL-ID:...
Eobot: IDOR on https://www.eobot.com/paypal
POC :- video attached...
Meta: IDOR in Facebook Messages webcam photos
I found that photos people take with their webcam within private message conversations can be accessed without proper authorization via a photo preview mechanism. Even when the sender decides to discard the image after seeing the preview, it can later still be retrieved through this same preview...