Unauthorized Deletion of Reports via Folder Manipulation


Hossam Hamada

Hello everyone,
I'm Hossam Hamada. Today I would like to share with you one of my discoveries in a HackerOne program.

Let's call it https://example.com

While navigating through the program, I came across a page dedicated to managing reports. This page lets users create both individual reports and folders, and reports can be created inside those folders. I noticed that:

- Any user can create a folder or a report.
- All users can view these reports.
- Only the owner of a report can delete it.
- However, anyone can delete a folder, regardless of ownership.

Exploiting the Vulnerability
Given these permissions, I hypothesized that if I deleted a folder containing reports owned by other users, it would result in the deletion of both the folder and the reports inside. I tested this by following these steps:

1. Deleting a Folder Containing Another User's Report:
- I deleted a folder that contained a report owned by another user.
- The result was that both the folder and the report within it were deleted.
- This demonstrated that any report inside a folder could be deleted indirectly by deleting the folder.

2. Moving a Report into a Folder to Exploit the Deletion:
- I wondered whether I could attach other users' reports to my own folders. If so, I could delete their reports by placing them inside a folder and then deleting that folder, which would delete the reports inside. I successfully managed to do this.
- First, I needed the ID of the report I wanted to delete, which I obtained by using the copy button and intercepting the request; the report ID was embedded in it.
- Next, I created a new report and then a new folder.
- I moved my report into the newly created folder and intercepted the move request. The request included both the report ID and the folder ID.
- I substituted my report's ID with the ID of the target report (the victim's report) and sent the request.
- This successfully moved the victim's report into my folder.

3. Final Deletion of the Folder:
- I then deleted the folder that now contained the victim's report.
- As expected, this action resulted in the deletion of both the folder and the victim's report.

Conclusion
This vulnerability allows any user to delete reports owned by others by first moving them into a folder and then deleting that folder. The root cause is that the move request is not checked against the ownership of the report ID it names, and folder deletion cascades to every report inside the folder regardless of who owns it. This poses a significant risk, as it enables unauthorized deletion of important reports.
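To show what the fix looks like on the server side, here is an added example (my own illustration, not code from the program or the original post) of a minimal in-memory reports/folders model with the two authorization checks that break the chain above: the move endpoint verifies ownership of both IDs the client supplies, and folder deletion never cascades to reports the actor does not own. All names and IDs are constructed for the example.

```python
from dataclasses import dataclass, field

class Forbidden(Exception): pass   # raised when the actor lacks authorization

@dataclass
class Report:
    id: int
    owner: str
    folder_id: "int | None" = None

@dataclass
class ReportStore:
    reports: dict = field(default_factory=dict)        # report_id -> Report
    folder_owners: dict = field(default_factory=dict)  # folder_id -> owner

    def move_report(self, actor: str, report_id: int, folder_id: int) -> None:
        # Authorize BOTH client-supplied IDs; the bug was trusting the report ID unchecked.
        if self.reports[report_id].owner != actor:
            raise Forbidden("cannot move a report you do not own")
        if self.folder_owners[folder_id] != actor:
            raise Forbidden("cannot move a report into a folder you do not own")
        self.reports[report_id].folder_id = folder_id

    def delete_folder(self, actor: str, folder_id: int) -> list:
        # Owner-only, and the cascade applies the same per-report ownership rule as
        # a direct delete: reports the actor does not own are detached, not deleted.
        if self.folder_owners[folder_id] != actor:
            raise Forbidden("cannot delete a folder you do not own")
        deleted = []
        for r in [r for r in self.reports.values() if r.folder_id == folder_id]:
            if r.owner == actor:
                deleted.append(self.reports.pop(r.id).id)
            else:
                r.folder_id = None
        del self.folder_owners[folder_id]
        return deleted

def replay_chain() -> dict:  # replay the writeup's steps against the hardened store
    store = ReportStore()
    store.reports = {1: Report(1, "victim"), 2: Report(2, "attacker")}  # constructed
    store.folder_owners[10] = "attacker"        # attacker's own folder
    outcome = {"move_blocked": False}
    try:
        store.move_report("attacker", 1, 10)    # step 2: substituted report ID
    except Forbidden:
        outcome["move_blocked"] = True
    store.move_report("attacker", 2, 10)        # moving one's own report is allowed
    outcome["deleted"] = store.delete_folder("attacker", 10)   # step 3
    outcome["victim_report_survives"] = 1 in store.reports
    return outcome
```

With both checks in place the substituted-ID move is rejected, and even if a foreign report did end up in the folder, deleting the folder would only detach it rather than delete it.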

Thank you for Reading!

Happy Ethical Hacking ~
