IGAP Messenger Web Version Insecure Direct Object References Vulnerability

2018.01.19
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

[+] Exploit Title : IGAP Messenger Web Version Insecure Direct Object References Vulnerability
[+] Date : 2018-01-19
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : https://web.igap.net/
[+] Version : 3.2.0
[+] Dork : N/A
[+] Forum : irethicalhackers.com/forums
[+] Tested On : Windows 10 - Kali Linux 2.0
[+] Contact : https://telegram.me/WebServer

[+] Description :
[!] IGAP is an extremely powerful and popular instant messenger
[!] IGAP has three versions: desktop, web and mobile.
[!] More than 100,000 users use it in Iran. You can download it from the App Store

[+] Support Site :
[!] https://www.igap.net

[+] Poc :
[!] With this vulnerability, you can see files on the server
[!] You can see files uploaded to groups or personal chats
[!] Even if these files have been deleted, you can recover your files!
[!] But you should know that these files are items that have been shared by different people

[+] Access To Vulnerability
[!] First log in to your account
[!] And go to this link : filesystem:https://web.igap.net/temporary/
[!] Of course, you can right-click the file, click "Copy Image Address" and see the file

[+] Security Level :
[!] Low

[+] Exploitation Technique :
[!] Local

[+] Vulnerability Link :
[*] filesystem:https://web.igap.net/temporary/

[+] ScreenShot :
[!] http://s6.uplod.ir/i/00912/br0rj3z9ntwm.png

[+] We Are : Mehrdad_ice [+] 0P3N3R [+] BaxTurk24 [+] S0hp
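
The `filesystem:` scheme addresses Chrome's origin-scoped sandboxed file storage, which a web client has to clean up itself. The following is an added example, not IGAP's code and not part of the original advisory: a cleanup routine for the TEMPORARY filesystem using Chrome's File and Directory Entries API, where calling it on logout or after a file is deleted is an assumption about how a client would use it.

```javascript
// Added example (not from the advisory): purge files an origin has cached in
// Chrome's sandboxed TEMPORARY filesystem (what filesystem:https://<origin>/temporary/ lists).

// Collect every entry of a directory. readEntries() returns results in
// batches and signals the end of the listing with an empty array.
function readAllEntries(dirEntry) {
  const reader = dirEntry.createReader();
  return new Promise((resolve, reject) => {
    const all = [];
    const next = () => reader.readEntries((batch) => {
      if (batch.length === 0) return resolve(all);
      all.push(...batch);
      next();
    }, reject);
    next();
  });
}

// Remove one entry: directories recursively, files directly.
function removeEntry(entry) {
  return new Promise((resolve, reject) =>
    entry.isDirectory ? entry.removeRecursively(resolve, reject)
                      : entry.remove(resolve, reject));
}

// Delete everything under `root` (a DirectoryEntry); resolves to the removed paths.
async function purgeDirectory(root) {
  const removed = [];
  for (const entry of await readAllEntries(root)) {
    await removeEntry(entry);
    removed.push(entry.fullPath);
  }
  return removed;
}

// Browser entry point. `win` is the window object; the call sites (logout,
// message or file deletion) are hypothetical hooks chosen for this example.
function purgeTemporaryFilesystem(win) {
  return new Promise((resolve, reject) =>
    win.webkitRequestFileSystem(win.TEMPORARY, 1024 * 1024,
      (fs) => purgeDirectory(fs.root).then(resolve, reject), reject));
}
```

In a Chrome page this is invoked as `purgeTemporaryFilesystem(window)`; the returned list of paths can be logged to confirm that nothing remains under the origin's temporary storage.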


Copyright 2018, cxsecurity.com

 
