Vulnerability Summary
An IDOR vulnerability in a notification configuration endpoint allows an authenticated attacker to modify org_id and username_id to access sensitive user data from other organizations (email, phone, role, etc.).
The application manages organizations, similar to Slack or Microsoft Teams, each containing multiple users. An organization administrator can configure the notifications that each selected user in the organization receives. The IDOR is in the request sent when this configuration is changed: because the server trusts the org_id and username_id values supplied by the client, the response reveals very confidential information about users from any organization, such as name, phone number and email address.
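The pattern behind this report, as an added example that is not the vendor's code: a notification-configuration lookup that trusts client-supplied org_id and user_id beside a hardened version that authorizes the caller server-side and strips PII from the response. The data model, role names and function names are assumptions.

```python
# Added example (not from the report): IDOR-prone lookup vs. hardened lookup for a
# notification-configuration endpoint. Data model and names are assumptions.

# Constructed sample data: user records (with PII) and org memberships with roles.
USERS = {
    101: {"name": "Alice", "email": "alice@org-a.example", "phone": "+1-555-0101"},
    202: {"name": "Bob",   "email": "bob@org-b.example",   "phone": "+1-555-0202"},
}
# (org_id, user_id) -> role; only admins may manage notification settings.
MEMBERSHIPS = {(1, 101): "admin", (2, 202): "admin"}
NOTIFY_CONFIG = {(1, 101): {"digest": True}, (2, 202): {"digest": False}}


class Forbidden(Exception):
    pass


def get_notification_config_vulnerable(caller_id, org_id, user_id):
    """Uses org_id/user_id straight from the request: any authenticated caller
    can read another organization's user record (the IDOR described above)."""
    return {**NOTIFY_CONFIG[(org_id, user_id)], "user": USERS[user_id]}


def is_authorized(caller_id, org_id, user_id):
    """Server-side check: caller must be an admin of org_id, and the target
    user must be a member of that same organization."""
    if MEMBERSHIPS.get((org_id, caller_id)) != "admin":
        return False
    return (org_id, user_id) in MEMBERSHIPS


def get_notification_config_hardened(caller_id, org_id, user_id):
    """Authorize before touching data, and return only what the notification
    UI needs: no email, phone or role in the response."""
    if not is_authorized(caller_id, org_id, user_id):
        raise Forbidden("caller may not manage this user's notifications")
    config = NOTIFY_CONFIG.get((org_id, user_id), {})
    return {**config, "user": {"name": USERS[user_id]["name"]}}
```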
Missing authorization checks allow unauthorized users to remove staff members from accounts they do not own, leading to potential disruption and abuse.
During a recent engagement on a food industry B2B platform, I discovered a vulnerability chain that allowed me to dump the entire database of users registered for a corporate event. By chaining a sequential ID enumeration vulnerability with a secondary IDOR on the “Edit Profile” endpoint - and optimizing the attack by identifying a weakness in the ID generation logic - I was able to access the Personally Identifiable Information (PII) of all event attendees.
HackerOne disclosed report --> https://hackerone.com/reports/3467641 by perxibes