[+] Exploit Title : IGAP Messenger Web Version Insecure Direct Object References Vulnerability
[+] Date : 2018-01-19
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : https://web.igap.net/
[+] Version : 3.2.0
[+] Dork : N/A
[+] Forum : irethicalhackers.com/forums
[+] Tested On : Windows 10 - Kali Linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] IGAP is an extremely powerful and popular instant messenger.
[!] IGAP has three versions: desktop, web and mobile.
[!] More than 100,000 users use it in Iran. You can download it from the App Store.
[+] Support Site :
[!] https://www.igap.net
[+] PoC :
[!] With this vulnerability, you can see files on the server.
[!] You can see files uploaded to groups or to personal chats,
[!] even if these files have been deleted, and you can recover your files.
[!] But you should know that these files are items that have been shared by different people.
[+] Access To Vulnerability :
[!] First log in to your account.
[!] Then go to this link : filesystem:https://web.igap.net/temporary/
[!] Of course, you can also right-click the file, click "Copy Image Address" and see the file.
[+] Security Level :
[!] Low
[+] Exploitation Technique:
[!] Local
[+] Vulnerability Link :
[*] filesystem:https://web.igap.net/temporary/
[+] ScreenShot :
[!] http://s6.uplod.ir/i/00912/br0rj3z9ntwm.png
[+] We Are : Mehrdad_ice [+] 0P3N3R [+] BaxTurk24 [+] S0hp
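[+] Mitigation Example (added to this write-up, not code from the advisory's author or from iGap) :
[!] The filesystem: scheme addresses the browser's origin-scoped sandboxed file system (legacy Chrome File System API). Assuming the web client caches shared files there, the routine below is one way a client could purge that cache on logout or when a message is deleted. The function names are hypothetical.

```javascript
// Added example: purge every entry in the origin's TEMPORARY sandboxed file system.
// Assumption: the web client caches shared files under filesystem:<origin>/temporary/.
// `requestFileSystem` is injected; in Chrome pass
//   window.webkitRequestFileSystem.bind(window)
const TEMPORARY = 0; // numeric value of window.TEMPORARY in the legacy API

// DirectoryReader.readEntries() delivers results in batches, so keep
// calling it until it hands back an empty batch.
function readAllEntries(dirEntry) {
  return new Promise((resolve, reject) => {
    const reader = dirEntry.createReader();
    const all = [];
    const next = () => reader.readEntries((batch) => {
      if (batch.length === 0) return resolve(all);
      all.push(...batch);
      next();
    }, reject);
    next();
  });
}

// Files are removed with remove(); directories need removeRecursively().
function removeEntry(entry) {
  return new Promise((resolve, reject) => {
    if (entry.isDirectory) entry.removeRecursively(resolve, reject);
    else entry.remove(resolve, reject);
  });
}

// Returns the paths that were deleted, so the caller can log or verify them.
async function purgeTemporaryFiles(requestFileSystem) {
  const fs = await new Promise((resolve, reject) =>
    requestFileSystem(TEMPORARY, 0, resolve, reject));
  const entries = await readAllEntries(fs.root);
  const removed = [];
  for (const entry of entries) {
    await removeEntry(entry);
    removed.push(entry.fullPath);
  }
  return removed;
}
```

[!] After the purge, listing filesystem:<origin>/temporary/ in the same browser profile should show no leftover entries.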