Vulnerability Summary
An Insecure Direct Object Reference (IDOR) vulnerability in the organization API allows authenticated users to manipulate the identifier parameter and retrieve plaintext SFTP credentials belonging to other users or organizations, potentially leading to unauthorized access to sensitive files stored on the SFTP server.
The application under review includes a feature enabling administrators to import files from an SFTP server. This operation requires authentication to the SFTP service using valid credentials tied to a specific organizational account.
The application's workflow involves obtaining SFTP credentials via an internal API endpoint. Once retrieved, these credentials are used to establish a connection to the SFTP server, allowing access to files within the designated user directory.
Given the reliance on dynamically retrieved credentials from the backend, securing the API endpoints that provide these credentials is paramount.
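As an added illustration (not the reported application's code), a minimal Python version of such a credentials endpoint, first with the missing ownership check the summary describes, then with the check in place; the user/organization model, the credential store and every value in it are assumptions constructed for the example:

```python
# Added example, not the affected application's code: an organization API handler
# that returns SFTP credentials. All names, identifiers and secrets are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    """An authenticated caller; org_id comes from the server-side session."""
    user_id: str
    org_id: str


# Constructed sample store: organization id -> SFTP credentials (hypothetical values).
SFTP_CREDENTIALS = {
    "org-100": {"host": "sftp.example.test", "username": "org100", "password": "s3cret-A"},
    "org-200": {"host": "sftp.example.test", "username": "org200", "password": "s3cret-B"},
}


class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized for the object."""


def get_sftp_credentials_vulnerable(caller: User, org_id: str) -> dict:
    """IDOR: authentication was verified upstream, but the org_id taken from the
    request is used directly as the lookup key, so any logged-in user can read
    the credentials of any organization by changing the identifier."""
    return SFTP_CREDENTIALS[org_id]


def get_sftp_credentials_fixed(caller: User, org_id: str) -> dict:
    """Hardened: the requested object must belong to the caller's own organization.
    The ownership check runs before the lookup, so a rejected request does not
    reveal whether the supplied org_id exists."""
    if org_id != caller.org_id:
        raise Forbidden(f"user {caller.user_id} may not access organization {org_id}")
    return SFTP_CREDENTIALS[org_id]


def get_own_sftp_credentials(caller: User) -> dict:
    """Stronger still: derive the organization from the session and accept no
    client-supplied identifier at all, which removes the object reference entirely."""
    return SFTP_CREDENTIALS[caller.org_id]
```

The first handler is what the summary describes; the last shape is usually preferable when a caller only ever needs its own organization's credentials, since there is no identifier left to tamper with.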
Missing authorization checks allow unauthorized users to remove staff members from accounts they do not own, leading to potential disruption and abuse.
During a recent engagement on a food industry B2B platform, I discovered a vulnerability chain that allowed me to dump the entire database of users registered for a corporate event. By chaining a sequential ID enumeration vulnerability with a secondary IDOR on the “Edit Profile” endpoint - and optimizing the attack by identifying a weakness in the ID generation logic - I was able to access the Personally Identifiable Information (PII) of all event attendees.
HackerOne disclosed report: https://hackerone.com/reports/3467641 by perxibes