huntr.dev
URL:
https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637/
Submission: On June 23 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM

Text Content
RESET API ANY USER VIA IDOR IN USEMEMOS/MEMOS
1 Valid
Reported on Dec 22nd 2022

DESCRIPTION
Reset API any user without taking action from him via IDOR

PROOF OF CONCEPT
1- Create a user
2- Go to setting
3- Open Burp Suite to object to the requisition
4- Click on it Reset API
5- This is the body request
> {"id":101,"resetOpenId":true}
6- When changing the "id", for example "102", and sending the request, we notice that the request has been approved and the API is reset with showing the new API to the user, and this is also something that should not happen be shown

MORE CLARIFICATION
I have a user named TEST, when I make a Reset API for him, I will intercept the request, and I will notice that I have a parameter in the body request with the name "id=101". When it is changed to any number, for example "102", the Reset API will happen to the user whose "id" is 102

IMPACT
An attacker can make a Reset API for any user

We are processing your report and will contact the usememos/memos team within 24 hours.
6 months ago
STEVEN validated this vulnerability 6 months ago
samirwaleed has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
STEVEN marked this as fixed in 0.9.0 with commit dca35b 6 months ago
STEVEN has been awarded the fix bounty
This vulnerability has been assigned a CVE
STEVEN published this vulnerability 6 months ago

CVE: CVE-2022-4686 (published)
Vulnerability Type: CWE-287: Improper Authentication
Severity: High (8.6)
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: Low
Registry: Other
Affected Version: 0.8.3
Visibility: Public
Status: Fixed
Found by: samirwaleed @samirwaleed LIGHTWEIGHT
Fixed by: STEVEN @boojack UNPROVEN
This report was seen 1,045 times.