The target is a business management application with four roles (Owner, Security admin, Editor, Viewer). A Security admin can create API tokens to access data through the API. API tokens come in three types (Export, Import, Audit logs). The Export token is used to export data from the application; the vulnerable one was the Audit logs token, which exports the application's audit log, including events such as email changes, user creation and user deletion.
1)First Vulnerability:
-The Audit logs API token stays valid after the user is removed from the organisation.
The Security admin creates an API token and keeps it for later; after the Owner removes him from the account, the token still works. So a user who has been banned from the organisation can still reach the organisation's critical data, because the token's validity is checked on its own and never re-checked against the account that created it.
Steps to reproduce:
Create an API token with account (A).
Remove user (A) using the Owner account.
Test the API token: it still works.
I reported it, but it was a duplicate, worth 200$.
After that I dug deeper into the endpoint: an endpoint that is already vulnerable in one way often has more to give.
2)Second Vulnerability:
The request that creates an API token carries a parameter named "actasowner" whose value was true. I changed it to false and, guess what, I created an API token that has no owner at all. Since the token is no longer tied to any user account, removing the user does nothing to it, so I could make an API token to use after the user is removed from the organisation!
Steps to reproduce:
Intercept the request that creates an API token.
Change the parameter "actasowner" from true to false.
Test the API token.
Thank God, it wasn't a duplicate, and I was rewarded with 200$.
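Both findings come from the same design flaw: the server decides whether a token is bound to a user only at creation time, lets the client influence that decision through "actasowner", and never re-checks the owner when the token is used. The following is an added example written for this write-up, not the application's code, that models the vulnerable behaviour beside a hardened version. The service and class names, the role strings, the org and its sample members are all constructed for illustration; only the parameter name "actasowner" and the token types come from the write-up.

```python
"""Constructed model of the API-token flaw (example code, not the application's own)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import secrets

TOKEN_TYPES = {"export", "import", "audit_logs"}  # the three types from the write-up


@dataclass
class Org:
    name: str
    members: Dict[str, str] = field(default_factory=dict)  # user -> role (assumed role names)
    audit_log: List[str] = field(default_factory=list)

    def remove_member(self, user: str) -> None:
        self.members.pop(user, None)
        self.audit_log.append(f"user_removed:{user}")


@dataclass
class ApiToken:
    value: str
    org: str
    token_type: str
    owner: Optional[str]  # None models the "ownerless" token from the second bug


class VulnerableTokenService:
    """Mirrors the behaviour described above: the client-controlled actasowner flag
    decides whether the token is bound to a user, and the owner is never re-checked."""

    def __init__(self) -> None:
        self.tokens: Dict[str, ApiToken] = {}

    def create_token(self, org: Org, user: str, token_type: str, actasowner: bool = True) -> str:
        if org.members.get(user) != "security_admin":
            raise PermissionError("only a Security admin can create API tokens")
        if token_type not in TOKEN_TYPES:
            raise ValueError("unknown token type")
        value = secrets.token_urlsafe(16)
        # BUG 2: the request body decides whether the token has an owner at all
        self.tokens[value] = ApiToken(value, org.name, token_type, user if actasowner else None)
        return value

    def read_audit_log(self, org: Org, token_value: str) -> List[str]:
        tok = self.tokens.get(token_value)
        if tok is None or tok.org != org.name or tok.token_type != "audit_logs":
            raise PermissionError("bad token")
        # BUG 1: the token is accepted on its own; nobody asks whether its owner
        # is still a member of the organisation (or whether it has an owner)
        return list(org.audit_log)


class HardenedTokenService(VulnerableTokenService):
    """Same API, with the two fixes a reviewer would ask for."""

    def create_token(self, org: Org, user: str, token_type: str, actasowner: bool = True) -> str:
        # Fix 2: the binding to the creating user is decided server-side;
        # the client's actasowner value is ignored, so ownerless tokens cannot exist
        return super().create_token(org, user, token_type, actasowner=True)

    def read_audit_log(self, org: Org, token_value: str) -> List[str]:
        tok = self.tokens.get(token_value)
        if tok is None or tok.org != org.name or tok.token_type != "audit_logs":
            raise PermissionError("bad token")
        # Fix 1: re-evaluate the owner's membership and role on every use, not only
        # at creation; a removed or downgraded owner revokes the token on the spot
        if tok.owner is None or org.members.get(tok.owner) != "security_admin":
            self.tokens.pop(token_value, None)
            raise PermissionError("token owner is no longer authorised")
        return list(org.audit_log)


def replay(service_cls, actasowner: bool) -> str:
    """Runs the write-up's steps: create a token, remove its creator, try to use it.
    Returns "leaked" if the audit log was still readable, "denied" otherwise."""
    org = Org("acme", {"bob": "owner", "alice": "security_admin"})  # constructed sample org
    svc = service_cls()
    token = svc.create_token(org, "alice", "audit_logs", actasowner=actasowner)
    org.remove_member("alice")  # the Owner removes the Security admin
    try:
        svc.read_audit_log(org, token)
        return "leaked"
    except PermissionError:
        return "denied"


if __name__ == "__main__":
    for cls in (VulnerableTokenService, HardenedTokenService):
        for flag in (True, False):
            print(cls.__name__, "actasowner =", flag, "->", replay(cls, flag))
```

Checking the owner at use time rather than deleting tokens in the removal handler is deliberate: it also covers the case where the owner stays in the organisation but is downgraded to Editor or Viewer, and it keeps working if a token is created through some path the removal handler does not know about.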
The End:
And that's all. As you can see, a single endpoint can hold several vulnerabilities, so the best advice I can give is to dig deeper when you get a duplicate on an endpoint: you may find a bypass of the fix, or another vulnerability altogether.