Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019090191

Below is a copy:

Iranian TCI ISP IDOR Vulnerability
[+] Exploit Title : Iranian TCI ISP IDOR Vulnerability

[+] Date : 2019-09-30

[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS

[+] Vendor Homepage : https://tci.ir

[+] Dork : N/A

[+] Version : N/A

[+] Tested On : Windows 10 - Kali Linux 2.0

[+] Contact : https://telegram.me/WebServer

[+] Description :

[!] TCI is an Iranian ISP...

[!] What is IDOR Vulnerability ?

Insecure Direct Object Reference (called IDOR from here) occurs when an application exposes a reference to an internal implementation object. In doing so, it reveals the real identifier and the format/pattern of the element used on the storage backend side. The most common example of it (although it is not limited to this one) is a record identifier in a storage system (database, filesystem and so on).

IDOR is referenced in element A4 of the OWASP Top 10 in the 2013 edition.



[+] Poc :

[!] https://youtu.be/7bQqlws47AU

[+] A hacker can edit the URL and see user information.

[!] Vulnerable Link :

[*] https://tci.ir/

[!] For example (we edit this link):

[*] https://tci.ir/index.html#!/4137768072

[+] Exploitation Technique:

[!] remote


[+] Severity Level:

[!] Low

[+] Request Method :

[!] POST

[+] Vulnerable files :

[!] index.html

[+] Patch :

[!] Restrict user input or replace bad characters
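
An added example, not part of the original advisory and not TCI's code: a well-formed identifier that belongs to another user passes an input filter, so the lookup also has to compare the record's owner with the authenticated session. The record store, identifiers, user names and function names below are constructed for illustration.

```python
import re

# Constructed sample data: record id -> owner and profile (not real TCI data).
RECORDS = {
    "1000000001": {"owner": "alice", "plan": "ADSL 16M"},
    "1000000002": {"owner": "bob", "plan": "VDSL 50M"},
}
ID_FORMAT = re.compile(r"[0-9]{10}")
DENIED = []  # (session_user, record_id) pairs, kept for detection


class NotFound(Exception):
    """Raised for unknown ids and for ids the caller does not own."""


def validate_id(record_id):
    # Input restriction only: rejects malformed ids, says nothing about ownership.
    if not ID_FORMAT.fullmatch(record_id):
        raise ValueError("malformed record id")
    return record_id


def get_record_filtered_only(record_id):
    # Still vulnerable: a well-formed id of another user passes the filter.
    return RECORDS.get(validate_id(record_id))


def get_record_authorized(session_user, record_id):
    # Hardened: the server compares the record owner with the session user.
    record = RECORDS.get(validate_id(record_id))
    if record is None or record["owner"] != session_user:
        if record is not None:
            DENIED.append((session_user, record_id))
        # Same error for "missing" and "not yours" so ids cannot be enumerated.
        raise NotFound(record_id)
    return record


def enumeration_suspects(threshold=3):
    # Detection: sessions that were denied on several distinct ids.
    seen = {}
    for user, record_id in DENIED:
        seen.setdefault(user, set()).add(record_id)
    return sorted(u for u, ids in seen.items() if len(ids) >= threshold)
```
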

[+] We Are :

[+] 0P3N3R [+] 
