| Título | Eastnets PaymentSafe 2.5.26.0 Improper Authorization |
|---|
| Descripción | The application suffers from a Failure to Restrict URL Access vulnerability, allowing unauthorized access to sensitive bank transaction details. An attacker with a valid session can directly access restricted endpoints containing confidential financial data, bypassing intended authorization controls.
Step To reproduce:
1. In the poc, AppSecTest3 user have the access to see the achieved messages while AppSecTest1 user does not have permission of this functionality.
2. Copy and pasting the URL in AppSecTest1 user session gives access to the sensitive details. |
|---|
| Fuente | ⚠️ https://drive.google.com/file/d/1WT5mJwL9NvKxBLIIj7TDbeAq6dchs5Gk/view?usp=sharing |
|---|
| Usuario | kushkira (UID 60170) |
|---|
| Sumisión | 2025-02-17 11:11 (hace 1 Año) |
|---|
| Moderación | 2025-03-01 08:39 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 298064 [Eastnets PaymentSafe 2.5.26.0 URL /Default.aspx escalada de privilegios] |
|---|
| Puntos | 20 |
|---|