CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-39015 | CWE-200 | $10,000 | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | Critical | Remote | 2019-09-30 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | 0.02192 | 0.50148 |

[+] Exploit Title : Iranian TCI ISP IDOR Vulnerability
[+] Date : 2019-09-30
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : https://tci.ir
[+] Dork : N/A
[+] Version : N/A
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer

[+] Description :
[!] TCI is an Iranian ISP...
[!] What is IDOR Vulnerability ?
Insecure Direct Object Reference (called IDOR from here) occurs when an application exposes a reference to an internal implementation object. In this way, it reveals the real identifier and the format/pattern of the element used on the storage backend side. The most common example of it (although it is not limited to this one) is a record identifier in a storage system (database, filesystem and so on). IDOR is referenced in element A4 of the OWASP Top 10 in the 2013 edition.

[+] Poc :
[!] https://youtu.be/7bQqlws47AU
[+] A hacker can edit the URL and see user information.
[!] Vulnerable Link :
[*] https://tci.ir/
[!] For Ex (We Edit This Link):
[*] https://tci.ir/index.html#!/4137768072

[+] Exploitation Technique:
[!] remote
[+] Severity Level:
[!] Low
[+] Request Method :
[!] POST
[+] Vulnerable files :
[!] index.html
[+] Patch :
[!] Restrict user input or replace bad characters

[+] We Are :
[+] 0P3N3R [+]
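
The pattern in the advisory's IDOR definition, as an added example that is not part of the original advisory: a lookup that trusts a client-supplied record identifier, next to two server-side controls (an ownership check and a per-session indirect reference map). The record store, user names and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: record id -> record. Not taken from the advisory.
RECORDS = {
    1001: {"owner": "alice", "phone": "555-0100"},
    1002: {"owner": "bob", "phone": "555-0199"},
}


def get_record_vulnerable(record_id):
    """IDOR: the client-supplied id is trusted; nobody checks who is asking."""
    return RECORDS.get(record_id)


def get_record_checked(session_user, record_id):
    """Object-level authorization: the record must belong to the session user."""
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != session_user:
        # Same answer for "missing" and "not yours", so ids cannot be enumerated.
        return None
    return record


class ReferenceMap:
    """Per-session indirect references: the client only ever sees random tokens."""

    def __init__(self, session_user):
        self.session_user = session_user
        self._token_to_id = {}

    def issue(self, record_id):
        # Tokens are issued only for records the session user may access.
        if get_record_checked(self.session_user, record_id) is None:
            raise PermissionError("record not accessible in this session")
        token = secrets.token_urlsafe(16)
        self._token_to_id[token] = record_id
        return token

    def resolve(self, token):
        record_id = self._token_to_id.get(token)
        if record_id is None:
            return None  # unknown token, or a token from another session
        # Ownership is re-checked at use time; the map is not the only control.
        return get_record_checked(self.session_user, record_id)
```

The ownership check is the control that closes the hole; the reference map additionally keeps the backend identifier and its format out of URLs and request bodies.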
Copyright ©2024 Exploitalert.