Iranian TCI ISP IDOR Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1761082 漏洞类型
发布时间 2019-09-30 更新时间 2019-09-30
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019090191
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[+] Exploit Title ; Iranian TCI ISP IDOR Vulnerability

[+] Date : 2019-09-30

[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS

[+] Vendor Homepage : https://tci.ir

[+] Dork : N/A

[+] Version : N/A

[+] Tested On : windows 10 - kali linux 2.0

[+] Contact : https://telegram.me/WebServer

[+] Description :

	[!] TCI is iranian isp...

	[!] What is IDOR Vulnerability ?
	
	Insecure Direct Object Reference (called IDOR from here) occurs when a application exposes a reference to an internal implementation object. Using this way, it reveals the real identifier and format/pattern used of the element in the storage backend side. The most common example of it (altrough is not limited to this one) is a record identifier in a storage system (database, filesystem and so on).

IDOR is referenced in element A4 of the OWASP Top 10 in the 2013 edition.

	

[+] Poc :

	[!] https://youtu.be/7bQqlws47AU

[+] hacker can edit the url and see user informations.

	[!] Vulnerable Link :

		[*] https://tci.ir/

	[!] For Ex (We Edit This Link): 

		[*] https://tci.ir/index.html#!/4137768072

[+] Exploitation Technique:

	[!] remote


[+] Severity Level:

	[!] Low

[+] Request Method :

	[!] POST

[+] Vulnerable files :

	[!] index.html

[+] Patch :

	[!] Restrict user input or replace bad characters

[+] We Are :

	[+] 0P3N3R [+]