[+] Exploit Title : Iranian TCI ISP IDOR Vulnerability
[+] Date : 2019-09-30
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : https://tci.ir
[+] Dork : N/A
[+] Version : N/A
[+] Tested On : Windows 10 - Kali Linux 2.0
[+] Contact : https://telegram.me/WebServer

[+] Description :
[!] TCI is an Iranian ISP...
[!] What is IDOR Vulnerability ?
Insecure Direct Object Reference (called IDOR from here) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier and the format/pattern used for the element on the storage backend side. The most common example of it (although it is not limited to this one) is a record identifier in a storage system (database, filesystem and so on). IDOR is referenced in element A4 of the OWASP Top 10 in the 2013 edition.

[+] Poc :
[!] https://youtu.be/7bQqlws47AU
[+] A hacker can edit the URL and see user information.
[!] Vulnerable Link :
[*] https://tci.ir/
[!] For Ex (We Edit This Link):
[*] https://tci.ir/index.html#!/4137768072

[+] Exploitation Technique:
[!] remote
[+] Severity Level:
[!] Low
[+] Request Method :
[!] POST
[+] Vulnerable files :
[!] index.html
[+] Patch :
[!] Restrict user input or replace bad characters

[+] We Are :
[+] 0P3N3R
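
The IDOR definition in the description, as an added example that is not part of the original advisory or the vendor's code: a lookup that trusts a client-supplied record identifier, next to one that authorizes every access against the session user and one that hands out per-session indirect references. All names and records are constructed for illustration.

```python
import secrets

# Constructed sample records keyed by an internal identifier.
RECORDS = {
    "1001": {"owner": "alice", "plan": "ADSL 8M"},
    "1002": {"owner": "bob", "plan": "VDSL 16M"},
}


class AccessDenied(Exception):
    """Raised for both unknown and foreign records, so ids cannot be enumerated."""


def get_record_vulnerable(record_id):
    # IDOR: the identifier from the request is used as-is, with no ownership check.
    return RECORDS.get(record_id)


def get_record_checked(session_user, record_id):
    # The direct reference is kept, but each access is authorized server-side.
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != session_user:
        raise AccessDenied("record not available")
    return record


class SessionRefs:
    """Per-session indirect reference map: the client only ever sees random tokens."""

    def __init__(self, session_user):
        self.user = session_user
        # Map an unguessable token to each record this user owns.
        self._tokens = {
            secrets.token_urlsafe(16): rid
            for rid, rec in RECORDS.items()
            if rec["owner"] == session_user
        }

    def tokens(self):
        return list(self._tokens)

    def resolve(self, token):
        rid = self._tokens.get(token)
        if rid is None:  # internal ids and other sessions' tokens are rejected
            raise AccessDenied("record not available")
        return get_record_checked(self.user, rid)  # authorization still enforced
```

Logging each `AccessDenied` together with the session user gives a simple signal for identifier-guessing attempts.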