Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Insecure Direct Object Reference in Files function #992

Open
KietNA-HPT opened this issue Sep 7, 2021 · 0 comments
Open

Insecure Direct Object Reference in Files function #992

KietNA-HPT opened this issue Sep 7, 2021 · 0 comments

Comments

@KietNA-HPT
Copy link

KietNA-HPT commented Sep 7, 2021

Dear @ignacionelson, @kwadrat ,
I have found an IDOR vulnerability in Files function.

Description

Because of not checking authorization at ids parameter in files-edit.php and id parameter in process.php, The user with uploader role can download,edit all files of users in application

To Reproduce

Download file

  1. Access url /process.php?do=download&id= url
  2. Add value for id parameter from 1 -> ... to download all files in application
    image

Edit File

  1. Access url /files-edit.php?ids=
  2. Add value for id parameter from 1 -> ... to edit all files in application
    Files of user kietna on application
    image
    User kietna edit private file of admin user
    image
    image
    image

Solution

You need to check authorization for id and ids parameters, make sure that a user on the system can only interact with that user's files

@KietNA-HPT KietNA-HPT changed the title Insecure Object Reference in Files function Insecure Direct Object Reference in Files function Sep 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant