U.S. Dept Of Defense: IDOR leads to viewing other users' biographical details (possible PII leak)
The researcher discovered an Insecure Direct Object Reference (IDOR) vulnerability in the www.██████████ domain. The vulnerability allowed a user to access other users' biographical details, leading to a potential Personally Identifiable Information (PII) leak. The vulnerable endpoints were located i...
Archive any private memos + Delete any Shortcut + Edit any Shortcut from other users
Description: A user can archive any private memos, delete any shortcut and edit any shortcut belonging to other users via the API: PATCH /api/memo/8 HTTP/1.1 {"id":8,"rowStatus":"ARCHIVED"}; PATCH /api/shortcut/2 HTTP/1.1 {"id":2,"title":"shortahihix","payload":""}; DELETE /api/shortcut/2. Proof of Concept: Login to...
Session Fixation in admidio/admidio
Description: Admin creates a member-role user named B; then B logs in to Admidio. After user B is already logged into Admidio, Admin decides to delete all roles of user B, but user B can still do anything that he/she could do before...
in bigprof-software/online-rental-property-manager
💥 BUG: privilege escalation bug to add employmentandincomehistory to an applicant. 💥 IMPACT: an unprivileged user can add employmentandincomehistory to an applicant. 💥 STEPS TO REPRODUCE: 1. From the admin account go to http://localhost/online-rental/app/admin/pageViewMembers.php and add a new user called user-B...
Improper Privilege Management in bigprof-software/online-rental-property-manager
💥 BUG: privilege escalation bug to add residenceandrental to an applicant. 💥 IMPACT: an unprivileged user can add residenceandrental to an applicant. 💥 STEPS TO REPRODUCE: 1. From the admin account go to http://localhost/online-rental/app/admin/pageViewMembers.php and add a new user called user-B. Now revoke...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
💥 BUG: Stored XSS via client address in invoice. 💥 TESTED VERSION: latest version as of 01/07/21. 💥 STEPS TO REPRODUCE: 1. From the admin account go to http://localhost/online-invoice2/app/admin/pageViewMembers.php and add a new user called user-B with read-write permission in the invoice/client module. 2...
Trint Ltd: IDOR to update the folder name of another user
Summary: There is an IDOR to update the folder name of another user. Steps To Reproduce: - user A logs in to the application and sees the folder name F494331 - user B logs in to the application and calls the API with the projectId of user A: POST / HTTP/1.1 Host: graphql2.trint.com User-Agent: Mozilla/5.0 Windo...