URL: https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637/
Submission: On June 23 via api from US — Scanned from DE

RESET API ANY USER VIA IDOR IN USEMEMOS/MEMOS

Valid

Reported on: Dec 22nd 2022

--------------------------------------------------------------------------------


DESCRIPTION

Reset the API of any user, without any action from him, via IDOR.


PROOF OF CONCEPT

1- Create a user

2- Go to Settings

3- Open Burp Suite to intercept the request

4- Click on Reset API

5- This is the request body: {"id":101,"resetOpenId":true}

6- When changing the "id", for example to "102", and sending the request, we
notice that the request has been approved and the API is reset, with the new API
shown to the user, which is also something that should not be shown


MORE CLARIFICATION

I have a user named TEST. When I make a Reset API for him, I intercept the
request and notice that there is a parameter in the request body with the
name "id=101". When it is changed to any number, for example "102", the Reset
API will happen to the user whose "id" is 102.


IMPACT

An attacker can make a Reset API for any user.

We are processing your report and will contact the usememos/memos team within 24
hours. 6 months ago
STEVEN validated this vulnerability 6 months ago
samirwaleed has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
STEVEN marked this as fixed in 0.9.0 with commit dca35b 6 months ago
STEVEN has been awarded the fix bounty
This vulnerability has been assigned a CVE
STEVEN published this vulnerability 6 months ago

CVE: CVE-2022-4686 (published)
Vulnerability Type: CWE-287: Improper Authentication
Severity: High (8.6)
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: Low
Registry: Other
Affected Version: 0.8.3
Visibility: Public
Status: Fixed

Found by: samirwaleed (@samirwaleed), LIGHTWEIGHT
Fixed by: STEVEN (@boojack), UNPROVEN

This report was seen 1,045 times.