Hi everyone,
Imran this side.
This write-up is about a vulnerability found on Larksuite that allowed any user to steal other users' files.
In Larksuite we can upload different types of files to the drive, and each file has its own unique ID. By knowing the unique ID, an attacker could potentially have accessed the file even though it was private.
After reporting n number of bugs to Larksuite, I decided to take a break and focus on some other program, but as this was my favorite program, I used to check Larksuite daily for changes/updates. One day I found that they had introduced a new feature called Footer.
According to Google, a footer is an email element placed at the bottom, which usually contains general information about a company.
There was an option to upload images. Once an image was uploaded, it was given a file token.
After the image was uploaded, another POST request was sent to the server with that file token in order to save the changes.
Each file had its own token, either public or private. If this token was changed and replaced with some other token which was kept private by its owner, I would have accessed it. Once the tampered request was sent to the server, a broken image showed up; if I then clicked on view image, that particular private file was downloaded without any restrictions.
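The missing check described above, shown as an added example from the defender's side (this is not Larksuite's code or anything from the original report). It assumes a simple in-memory model in which the save-footer handler binds a file token to the user's footer and the view-image path serves whatever is bound; all names and tokens are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class File:
    token: str
    owner: str
    private: bool
    content: bytes

# Constructed sample data, not real tokens.
FILES = {f.token: f for f in (
    File("tok-alice-private", "alice", True, b"alice's private doc"),
    File("tok-bob-image", "bob", True, b"bob's footer image"),
    File("tok-public-logo", "alice", False, b"public logo"),
)}
FOOTERS = {}  # user -> file token bound to that user's footer

class Forbidden(Exception):
    pass

def can_read(user, f):
    # A file is readable if it is public or the caller owns it.
    return (not f.private) or f.owner == user

def save_footer_vulnerable(user, file_token):
    # Flaw: only checks that the token exists, never who may use it.
    if file_token not in FILES:
        raise KeyError(file_token)
    FOOTERS[user] = file_token

def view_footer_image_vulnerable(user):
    # Trusts the stored binding, so a foreign private file is served.
    return FILES[FOOTERS[user]].content

def save_footer_fixed(user, file_token):
    f = FILES.get(file_token)
    # Same error for "unknown" and "not yours" so tokens cannot be probed.
    if f is None or not can_read(user, f):
        raise Forbidden("file token not accessible to this user")
    FOOTERS[user] = file_token

def view_footer_image_fixed(user):
    f = FILES[FOOTERS[user]]
    # Defence in depth: re-check on read in case a bad binding already exists.
    if not can_read(user, f):
        raise Forbidden("file token not accessible to this user")
    return f.content
```

The authorization check belongs on both the save request and the download path, because bindings created before the fix would otherwise keep serving private files.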
Thank you :-)
I hope you enjoyed reading this.