Because authorization is not checked for the ids parameter in files-edit.php and the id parameter in process.php, a user with the uploader role can download and edit all users' files in the application.
To Reproduce
Download file
Access the URL /process.php?do=download&id=
Set the id parameter to values from 1 -> ... to download all files in the application.
Edit File
Access the URL /files-edit.php?ids=
Set the ids parameter to values from 1 -> ... to edit all files in the application.
Screenshot: files of user kietna in the application
Screenshot: user kietna edits a private file of the admin user
Solution
You need to check authorization for the id and ids parameters, making sure that a user on the system can only interact with that user's own files.
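As an added illustration of the ownership check the Solution asks for (this is not the project's code and not the reporter's, and the table, column names and role flag are assumptions), the following hypothetical PHP handler keeps constructed sample rows in an in-memory SQLite table and shows the vulnerable lookup, which selects a row by the request's id alone, beside a lookup scoped to the current user, plus a filter for a comma-separated ids list as files-edit.php would receive it:

```php
<?php
// Added example, not ProjectSend's or the reporter's code. Table layout,
// column names and the $isAdmin flag are assumptions made for the demo.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, filename TEXT NOT NULL, uploader TEXT NOT NULL)');

// Constructed sample rows: one file owned by admin, one owned by uploader kietna.
$ins = $db->prepare('INSERT INTO files (id, filename, uploader) VALUES (?, ?, ?)');
foreach ([[1, 'admin-report.pdf', 'admin'], [2, 'kietna-notes.txt', 'kietna']] as $row) {
    $ins->execute($row);
}

// Vulnerable pattern: the id taken from the request is the only selector,
// so any authenticated caller can reach any row by changing the number.
function fetchFileVulnerable(PDO $db, string $rawId): ?array
{
    $stmt = $db->prepare('SELECT id, filename, uploader FROM files WHERE id = ?');
    $stmt->execute([(int) $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened pattern: the caller's identity is part of the query, so a row the
// caller does not own looks exactly like a row that does not exist.
function fetchFileOwned(PDO $db, string $rawId, string $currentUser, bool $isAdmin): ?array
{
    if (!ctype_digit($rawId)) {
        return null; // reject anything that is not a plain non-negative integer
    }
    if ($isAdmin) {
        $stmt = $db->prepare('SELECT id, filename, uploader FROM files WHERE id = ?');
        $stmt->execute([(int) $rawId]);
    } else {
        $stmt = $db->prepare('SELECT id, filename, uploader FROM files WHERE id = ? AND uploader = ?');
        $stmt->execute([(int) $rawId, $currentUser]);
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// For a comma-separated ids list: resolve the requested ids against the rows the
// caller owns, and flag the request as not ok if any requested id was not owned,
// so a list that mixes in someone else's file fails as a whole.
function ownedIds(PDO $db, string $rawIds, string $currentUser): array
{
    $requested = [];
    foreach (explode(',', $rawIds) as $piece) {
        $piece = trim($piece);
        if ($piece !== '' && ctype_digit($piece)) {
            $requested[(int) $piece] = true;
        }
    }
    if ($requested === []) {
        return ['ok' => false, 'ids' => []];
    }
    $placeholders = implode(',', array_fill(0, count($requested), '?'));
    $stmt = $db->prepare("SELECT id FROM files WHERE uploader = ? AND id IN ($placeholders)");
    $stmt->execute(array_merge([$currentUser], array_keys($requested)));
    $owned = array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
    return ['ok' => count($owned) === count($requested), 'ids' => $owned];
}

// Walk through the report's scenario: uploader kietna asks for id=1, the admin's file.
printf("vulnerable lookup: %s\n", json_encode(fetchFileVulnerable($db, '1')));
printf("scoped lookup as kietna: %s\n", json_encode(fetchFileOwned($db, '1', 'kietna', false)));
printf("scoped lookup of own file: %s\n", json_encode(fetchFileOwned($db, '2', 'kietna', false)));
printf("ids=1,2 as kietna: %s\n", json_encode(ownedIds($db, '1,2', 'kietna')));
```

The scoped query is deliberately written so that a denied id and a non-existent id produce the same empty result; returning a distinct "forbidden" response would let a caller enumerate which ids exist. For the list case, refusing the whole request rather than silently dropping foreign ids makes tampering visible in logs.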
KietNA-HPT changed the title from "Insecure Object Reference in Files function" to "Insecure Direct Object Reference in Files function" on Sep 7, 2021
Dear @ignacionelson, @kwadrat,
I have found an IDOR vulnerability in Files function.