Download Manager < 3.2.71 - Broken Access Controls

08 May 2023 00:00:00 | Reported by Johan Kragt | Type: wpexploit

Download Manager Broken Access Controls, File Password Bypass

- Create two password protected files with different passwords. Note the post ID for each file.
- Navigate to the download page for one of the files. E.g. `<host>/download/password_protected_file_1/`
- Click the "Download" button and enter the password.
- The modal will have a new Download button. Click this one, and intercept the request.
- Change the `wpdmdl` URL parameter to the ID of the other file.
- See that the other file is downloaded without using its password.
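
The steps above show a password unlock for one file being accepted for another. The following added example (not the plugin's code, and not taken from the original report) models the server-side property that prevents this: the authorization issued after a correct password is bound to one file ID and re-checked against the `wpdmdl` value in the download request. The function names, token format, key and sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: post ID -> password. Not taken from the plugin.
FILE_PASSWORDS = {101: "alpha-pass", 102: "bravo-pass"}
SERVER_KEY = b"constructed-demo-key"  # assumption: per-site secret kept server-side
TOKEN_TTL = 300  # seconds an unlock stays valid


def _mac(file_id: int, expires: int) -> str:
    """MAC over the file ID and expiry, so neither can be swapped later."""
    msg = f"{file_id}:{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def unlock(file_id, password, now=None):
    """Return a download token for file_id if the password matches, else None."""
    now = int(time.time()) if now is None else now
    expected = FILE_PASSWORDS.get(file_id)
    if expected is None:
        return None
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    expires = now + TOKEN_TTL
    return f"{expires}.{_mac(file_id, expires)}"


def authorize_download(wpdmdl, token, now=None):
    """Validate the token against the file ID named in the request itself."""
    now = int(time.time()) if now is None else now
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
        file_id = int(wpdmdl)
    except (AttributeError, TypeError, ValueError):
        return False  # malformed token or non-numeric wpdmdl
    if file_id not in FILE_PASSWORDS or expires < now:
        return False
    # Recompute the MAC over the *requested* ID: a token for 101 fails for 102.
    return hmac.compare_digest(_mac(file_id, expires).encode(), mac.encode())
```
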

9.1 High risk
Vulners AI Score: 9.1
EPSS: 0.001