Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3325582 by adilnbabras
Hi team, while reviewing the Mozilla Pontoon source code, I found that a new feature has been added to generate and delete Personal Access Tokens for the REST API. To delete a token, a user sends a POST request to the /delete-token/{token_id}/ endpoint with the numeric token ID. The developer forgot to put a check on user permissions at this endpoint, which allows a user to delete anyone's Personal Access Token.
Log in to your Victim account at https://mozilla-pontoon-staging.herokuapp.com/.
In the top right corner, click on your profile icon and, from the dropdown menu, click on Settings.
███████
Burp Suite, to capture incoming requests and change your display name.

Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3676308 by glferreira-devsecops
An unauthenticated AEM Sling servlet exposes four CRUD operations (getData / getDataById / setData / updateData) on the internal marketing-campaign database via a single option request header. The only access control is a Referer string check that any HTTP client trivially bypasses. Anonymous attackers can read the full 79-campaign dataset (including internal segmentation logic and the names of internal prospect databases), create arbitrary new campaigns in the production backoffice, and overwrite existing real production campaigns.
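The Pontoon token-deletion issue in the first report above is a missing ownership check on a state-changing endpoint: the handler verifies that the caller is logged in and that the token id exists, but never that the token belongs to the caller. The block below is an added illustration of that defect next to its fix; it is not Pontoon's code, and the in-memory token store, the `Token` dataclass and the function names are constructed stand-ins for what a Django view would do against the ORM.

```python
"""Ownership check for a personal-access-token delete endpoint.

Added example for the Pontoon report above. The store, data model and
function names are hypothetical; a real view would query the ORM with the
requesting user as a filter instead of reading a dict.
"""
from dataclasses import dataclass


@dataclass
class Token:
    id: int
    owner_id: int
    revoked: bool = False


class NotFound(Exception):
    """Raised when the token is absent from the caller's point of view."""


def fresh_store():
    """Constructed sample data: two users (100 and 200), one token each."""
    return {
        1: Token(id=1, owner_id=100),
        2: Token(id=2, owner_id=200),
    }


def delete_token_vulnerable(store, requester_id, token_id):
    """The pattern the report describes: the caller is authenticated and
    the id is looked up, but the owner is never compared to the caller,
    so any logged-in user can revoke any other user's token."""
    token = store.get(token_id)
    if token is None:
        raise NotFound(token_id)
    token.revoked = True
    return token


def delete_token_fixed(store, requester_id, token_id):
    """Scope the lookup to the requester. A token owned by someone else is
    treated exactly like a nonexistent one, so the endpoint neither acts
    on it nor confirms that the id exists."""
    token = store.get(token_id)
    if token is None or token.owner_id != requester_id:
        raise NotFound(token_id)
    token.revoked = True
    return token


def attempt(handler, store, requester_id, token_id):
    """Run a handler and report the outcome as the HTTP-level result a
    view would return: 'deleted' (200/204) or 'not_found' (404)."""
    try:
        handler(store, requester_id, token_id)
        return "deleted"
    except NotFound:
        return "not_found"


def revoked_ids(store):
    """Ids of tokens that have been revoked, in ascending order."""
    return sorted(t.id for t in store.values() if t.revoked)


if __name__ == "__main__":
    # User 100 tries to delete user 200's token through each handler.
    s = fresh_store()
    print("vulnerable:", attempt(delete_token_vulnerable, s, 100, 2), revoked_ids(s))
    s = fresh_store()
    print("fixed:     ", attempt(delete_token_fixed, s, 100, 2), revoked_ids(s))
    print("owner:     ", attempt(delete_token_fixed, s, 200, 2), revoked_ids(s))
```

The fixed handler answers "not found" rather than "forbidden" for a token the caller does not own; both close the hole, but a 404 avoids turning the endpoint into an oracle for which token ids exist. In an ORM-backed view the equivalent is filtering by both the id and the requesting user in the same query, so the ownership condition cannot be forgotten on a later code path.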