Mk-Auth Authenticated IDOR via Invoice ID
Product Description:
Mk-Auth is a Brazilian Management System for Internet Service Providers used to control client access and permissions via a web interface panel.
Vulnerability Description:
It is possible to leak other users' sensitive information, such as the CPF (Personal Number used in Brazil), by manipulating the number of the invoice requested.
Additional Information:
Any authenticated user can read arbitrary invoices, even those that do not belong to that user. The response leaks sensitive information about the user the invoice refers to. See below an example of a GET request:
GET /central/recibo.php?titulo=00006 HTTP/1.1
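Added example (not part of the original advisory or of Mk-Auth's code): a detection sketch for operators that scans web-server access logs for a single client successfully fetching many different titulo values from /central/recibo.php. It assumes Combined Log Format and uses the client IP as a stand-in for the logged-in customer; the threshold and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed): client, ident, user, [time], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "/central/recibo.php"  # path taken from the advisory
PARAM = "titulo"                  # invoice-number parameter from the advisory

def find_invoice_enumeration(lines, max_distinct=3):
    """Return {client: sorted invoice ids} for every client that got a 200
    response for more than max_distinct different invoice numbers."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if method != "GET" or url.path != ENDPOINT or status != "200":
            continue  # only successful invoice fetches disclose data
        for value in parse_qs(url.query).get(PARAM, []):
            seen[client].add(value)
    return {c: sorted(ids) for c, ids in seen.items() if len(ids) > max_distinct}

def sample_line(ip, target, status=200):
    """Build one constructed Combined Log Format line (not real traffic)."""
    return (f'{ip} - - [10/Jan/2019:10:00:00 -0300] '
            f'"GET {target} HTTP/1.1" {status} 5120')

# Constructed sample: one customer re-downloading their own receipt, and one
# client walking through five invoice numbers plus a redirected request.
SAMPLE_LOG = (
    [sample_line("198.51.100.7", "/central/recibo.php?titulo=00006")] * 2
    + [sample_line("203.0.113.9", f"/central/recibo.php?titulo={n:05d}")
       for n in range(1, 6)]
    + [sample_line("203.0.113.9", "/central/recibo.php?titulo=00009", 302)]
)

if __name__ == "__main__":
    for client, ids in find_invoice_enumeration(SAMPLE_LOG).items():
        print(f"{client} fetched {len(ids)} distinct invoices: {', '.join(ids)}")
```

Where the application logs the authenticated login, keying on that instead of the IP avoids false positives from customers behind shared NAT.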
Vulnerability Type:
CWE-639: Authorization Bypass Through User-Controlled Key
Vendor:
Mk-Auth
Affected Product:
MK-Auth 19.01 :: K4.9
Previous versions are probably also affected
Affected Component:
Faturas: Recibo
Attack Vector:
Remote
Code Execution:
No
Attack Vector:
Any client of the Internet Service Provider who has access to the platform (to download bills and request support) may exploit this vulnerability.
Reference:
http://mk-auth.com.br/
Discoverer:
Alan Lacerda (alacerda) | alacerda[at]intruderlabs.com.br
Filipe Cordeiro (sknux) | c_sfilipe@outlook.com