
IDOR


Description

Write Up: Guillaume
Creator: WOCSA
Difficulty: Unknown


Statement

This vulnerability is a flaw in the access management of the comment service. It allows a malicious user to delete a comment that another user created, without having the rights to do so or any agreement from the author.


Detailed solution

Exploitation

The only information needed for this attack is the id of the comment to delete. The exploit then takes a single step: going to the following address: http://vu9piqbr.3xploit.me/delete_tutorial/

PoC

http://vu9piqbr.3xploit.me/delete_tutorial/1

Risk

This bug breaks the intended behaviour of your website. It can lead to a loss of confidence from your clients, since anybody can delete their comments without their permission.

Remediation

A good fix for this vulnerability is to implement authentication on the delete comment operation. The easiest way to do this in your case is certainly to add a check on the JWT's user field and verify that it matches the comment's author before deleting the comment.
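
The check described above, sketched as an added example (this is not the site's own code): the delete handler that trusts the id alone, next to one that verifies the JWT and compares its user field to the comment's author. The HS256 algorithm, the secret, the claim name `user`, the in-memory comment store and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"   # assumption: HS256 shared secret
COMMENTS = {1: "alice", 2: "bob"}     # constructed sample data: comment id -> author

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(user):
    """Issue an HS256 JWT carrying a 'user' claim (demo helper)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"user": user}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_token(token):
    """Return the 'user' claim if the signature is valid, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # refuse 'none' or any unexpected algorithm
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # payload or signature was tampered with
        return json.loads(_b64url_decode(payload)).get("user")
    except (ValueError, AttributeError, TypeError):
        return None      # malformed token

def delete_comment_vulnerable(store, comment_id):
    """Behaviour described in the write-up: knowing the id is enough."""
    return 204 if store.pop(comment_id, None) is not None else 404

def delete_comment(store, comment_id, token):
    """Hardened delete; returns an HTTP-style status code."""
    user = verify_token(token) if token else None
    if user is None:
        return 401       # no valid identity presented
    author = store.get(comment_id)
    if author is None:
        return 404
    if author != user:
        return 403       # authenticated, but not the comment's author
    del store[comment_id]
    return 204
```

The ownership comparison happens on the server from the verified token, never from a user or author value supplied in the request itself.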