Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3378540 by theokeen
I received an email from the new points and rewards system stating that I had reached Level 4, and the reward was a 3-month Burp Suite Pro license (sponsored by PortSwigger). The email included a “Redeem it here” button, which redirected me to a Google Form. After filling out the form, I received a valid license in my email.
The issue is that there is no validation or verification tied to the user’s account, which allows an attacker to obtain multiple licenses simply by using different email addresses.
Evidence
Email content (relevant section):
Hi theokeen, You’ve reached Level 4!
An unauthenticated AEM Sling servlet exposes four CRUD operations (getData / getDataById / setData / updateData) on the internal marketing-campaign database via a single option request header. The only access control is a Referer string check that any HTTP client trivially bypasses. Anonymous attackers can read the full 79-campaign dataset (including internal segmentation logic and the names of internal prospect databases), create arbitrary new campaigns in the production backoffice, and overwrite existing real production campaigns.
HackerOne disclosed report --> https://hackerone.com/reports/3676308 by glferreira-devsecops
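The report above describes an endpoint whose only access control is a Referer string check. The following added example (constructed for this page, not the affected servlet's code, and assuming nothing about its real request format beyond the four operation names) places that pattern beside a principal-based check, so the difference is visible in one place: the weak gate decides on a client-supplied header, the hardened one on a server-side identity and role, denying anonymous requests and unknown operations by default and requiring an explicit editor role for the write operations.

```python
"""Referer-only gate versus principal-based authorization for the four CRUD
operations named in the report.  Constructed example for this page; it is not
the affected servlet's code.  Only the operation names come from the report;
the Request shape, role names and host name are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

READ_OPS = {"getData", "getDataById"}      # operation names from the report
WRITE_OPS = {"setData", "updateData"}
ALL_OPS = READ_OPS | WRITE_OPS


@dataclass
class Request:
    operation: str
    headers: Dict[str, str] = field(default_factory=dict)
    # Set by the authentication layer from a verified session; None = anonymous.
    principal: Optional[str] = None
    roles: Set[str] = field(default_factory=set)


def weak_authorize(req: Request) -> bool:
    """The pattern the report describes: the only check is a substring match
    on the Referer header.  That header is chosen by the client, so the check
    accepts any request whose sender included the expected string."""
    if req.operation not in ALL_OPS:
        return False
    return "trusted-backoffice.example" in req.headers.get("Referer", "")


def hardened_authorize(req: Request) -> bool:
    """Decide on server-side identity and role, never on request headers.
    Anonymous callers are rejected before the operation is even considered;
    unknown operations are denied by default; writes need an editor role."""
    if req.principal is None:
        return False
    if req.operation not in ALL_OPS:
        return False
    if req.operation in READ_OPS:
        return bool(req.roles & {"campaign-reader", "campaign-editor"})
    return "campaign-editor" in req.roles    # setData / updateData


def evaluate(req: Request) -> Dict[str, bool]:
    """Return both decisions side by side for the same request."""
    return {"weak": weak_authorize(req), "hardened": hardened_authorize(req)}


if __name__ == "__main__":
    # Constructed sample requests.
    anonymous = Request("setData",
                        headers={"Referer": "https://trusted-backoffice.example/"})
    print("anonymous caller, expected Referer present:", evaluate(anonymous))
    reader = Request("getData", principal="alice", roles={"campaign-reader"})
    print("authenticated reader, getData:", evaluate(reader))
    editor = Request("updateData", principal="bob", roles={"campaign-editor"})
    print("authenticated editor, updateData:", evaluate(editor))
```

The hardened check is what a Sling servlet would normally obtain from the resource resolver's authenticated session and the repository ACLs; the point of the contrast is that the decision must come from state the server established, not from a header the caller supplied.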