921$ Privilege Escalation: Unauthorized User Addition to Shared APP Connections


Before we move on, if you like my write-ups, please support me by clapping and sharing; you can clap up to 50 times here on Medium, and it's free. Thank you.

Steps to Reproduce:

1. A low-level user logs in to their Zapier account.
2. In the connection settings, the attacker edits a shared connection's name.
3. Intercepting the request, the attacker modifies the parameters, adding a user to the shared connection.
4. The attacker sends the modified request, and the user is successfully added to the connection.
5. The admin verifies that the user has been added to the shared connection.
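The root cause described above is a rename endpoint that applies every field in the request body, so a caller allowed only to rename can also rewrite the member list. The following added example (not Zapier's code; the handler names, roles and field lists are assumptions) models the vulnerable handler beside a hardened one that rejects fields the caller's role may not write.

```python
from dataclasses import dataclass, field


@dataclass
class SharedConnection:
    """Minimal model of a shared app connection (constructed for this example)."""
    name: str
    owner: str
    members: set = field(default_factory=set)


class Forbidden(Exception):
    pass


def update_connection_vulnerable(actor: str, role: str,
                                 conn: SharedConnection, payload: dict) -> SharedConnection:
    """Applies every key in the request body without checking the caller's role.
    A request meant to rename the connection can smuggle in 'members', which is
    the parameter-tampering pattern from the steps above."""
    if "name" in payload:
        conn.name = payload["name"]
    if "members" in payload:
        conn.members = set(payload["members"])
    return conn


# Fields each role may write (hypothetical policy): only admins manage membership.
ALLOWED_FIELDS = {"member": {"name"}, "admin": {"name", "members"}}


def update_connection_hardened(actor: str, role: str,
                               conn: SharedConnection, payload: dict) -> SharedConnection:
    """Checks that the caller belongs to the connection, then applies only the
    fields the caller's role may write. Unexpected keys are rejected rather than
    silently ignored, so tampering is visible in server logs."""
    if actor != conn.owner and actor not in conn.members:
        raise Forbidden(f"{actor!r} is not part of connection {conn.name!r}")
    unexpected = set(payload) - ALLOWED_FIELDS.get(role, set())
    if unexpected:
        raise Forbidden(f"role {role!r} may not write {sorted(unexpected)}")
    if "name" in payload:
        conn.name = payload["name"]
    if "members" in payload:
        conn.members = set(payload["members"])
    return conn
```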

Potential Impact

Unauthorized user additions to shared connections compromise the integrity of collaborative platforms and give unauthorized users access to confidential data. This security loophole may lead to misuse, unauthorized data access, and potential breaches of privacy.

The Bounty

Zapier acknowledged the severity of this bug and rewarded a bounty of $921 for its discovery and responsible disclosure.

Takeaway

This security loophole sheds light on the critical need for robust access controls. It underscores the importance of meticulous permission management, ensuring that only authorized personnel can modify shared connections. The key lesson here is clear: always test permission boundaries when hunting for bugs.

Leave some claps if you enjoyed this read, leave your feedback in the comments, and consider following me for more exciting findings.

Find me on Twitter: @a13h1_

Keep Supporting, Keep Clapping, Keep Commenting.
