Iranian TCI ISP IDOR Vulnerability

2019.09.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Exploit Title ; Iranian TCI ISP IDOR Vulnerability [+] Date : 2019-09-30 [+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS [+] Vendor Homepage : https://tci.ir [+] Dork : N/A [+] Version : N/A [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Description : [!] TCI is iranian isp... [!] What is IDOR Vulnerability ? Insecure Direct Object Reference (called IDOR from here) occurs when a application exposes a reference to an internal implementation object. Using this way, it reveals the real identifier and format/pattern used of the element in the storage backend side. The most common example of it (altrough is not limited to this one) is a record identifier in a storage system (database, filesystem and so on). IDOR is referenced in element A4 of the OWASP Top 10 in the 2013 edition. [+] Poc : [!] https://youtu.be/7bQqlws47AU [+] hacker can edit the url and see user informations. [!] Vulnerable Link : [*] https://tci.ir/ [!] For Ex (We Edit This Link): [*] https://tci.ir/index.html#!/4137768072 [+] Exploitation Technique: [!] remote [+] Severity Level: [!] Low [+] Request Method : [!] POST [+] Vulnerable files : [!] index.html [+] Patch : [!] Restrict user input or replace bad characters [+] We Are : [+] 0P3N3R [+]


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top