Support #13296

[SCP ID :##6497##] : VAPT Findings - BIF-103440 - IDOR Weakness - Mailbox Read

Added by Zahir Abd Latif almost 2 years ago. Updated almost 2 years ago.

Status: Closed - End of life cycle
Start date: October 26, 2022
Priority: Normal
Due date:
Assignee: Zahir Abd Latif
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

Description:

Testing of the BIFAST application shows that the application is vulnerable to an insecure direct object reference attack, whereby an attacker can view mailbox information by changing the "mailid" parameter.

Target system:

http://10.170.136.228/bifast-portal/ss119/secureMailboxRead.do?createdDate=01%2F08%2F2022+11%3A08%3A52+AM&subject=testingggg&topLink2=sent&mailId=[ID]&userName=[ID]&userId=[ID]&selected=

Recommendation:

We recommend implementing the following prevention measures:

https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html

31. IDOR MAILBOX READ.png (219 KB) Zahir Abd Latif, October 26, 2022 23:38

31.2 IDOR MAILBOX READ.png (212 KB) Zahir Abd Latif, October 26, 2022 23:38

31.3 IDOR MAILBOX READ.png (199 KB) Zahir Abd Latif, October 26, 2022 23:38

31.4 IDOR MAILBOX READ.png (190 KB) Zahir Abd Latif, October 26, 2022 23:38
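The mailbox-read handler from this finding, shown as an added example (not the BIFAST portal's own code): the vulnerable form selects the record by the client-supplied mailId alone, while the hardened form derives ownership from the server-side session and, following the OWASP cheat sheet linked above, exposes only per-session indirect references instead of raw mailIds. The Mail class, MAILBOX data and function names are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Mail:
    mail_id: int
    owner: str      # user who is allowed to read this message
    subject: str


# Constructed sample data standing in for the portal's mailbox table.
MAILBOX = {
    101: Mail(101, "alice", "testingggg"),
    102: Mail(102, "bob", "settlement query"),
}


class Forbidden(Exception):
    """Raised when the caller is not the owner of the requested object."""


def read_mail_vulnerable(params: dict) -> Mail:
    # Vulnerable: mailId (and userId) are trusted straight from the query
    # string, so any authenticated user can read any message by editing them.
    return MAILBOX[int(params["mailId"])]


def read_mail_fixed(session_user: str, params: dict) -> Mail:
    # Hardened: the owner comes from the server-side session, never from the
    # request, and a mismatch looks like a missing record so the response
    # does not reveal which mailIds exist.
    mail = MAILBOX.get(int(params["mailId"]))
    if mail is None or mail.owner != session_user:
        raise Forbidden("mail not found")
    return mail


def can_read(session_user: str, params: dict) -> bool:
    try:
        read_mail_fixed(session_user, params)
        return True
    except Forbidden:
        return False


class IndirectRefMap:
    # Per-session map from random tokens to real mailIds: the client only
    # ever sees tokens it was issued, so it cannot enumerate other users' IDs.
    def __init__(self) -> None:
        self._to_id: dict = {}

    def issue(self, mail_id: int) -> str:
        token = secrets.token_urlsafe(16)
        self._to_id[token] = mail_id
        return token

    def resolve(self, token: str) -> Optional[int]:
        return self._to_id.get(token)


def read_mail_indirect(session_user: str, refs: IndirectRefMap, token: str) -> Mail:
    # Resolve the token through the session's own map, then still enforce
    # ownership: indirect references complement the check, not replace it.
    mail_id = refs.resolve(token)
    if mail_id is None:
        raise Forbidden("mail not found")
    return read_mail_fixed(session_user, {"mailId": str(mail_id)})
```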

History

#1 Updated by Stephanie Sufrapto almost 2 years ago

  • Status changed from New - Begin Life Cycle to Pending UAT Deployment
  • Assignee changed from Bramantyo Pujo Wiyono to Zahir Abd Latif
  • % Done changed from 0 to 100

Provided patch version 2.0.105 on 8 November 2022.

#2 Updated by Zahir Abd Latif almost 2 years ago

  • Status changed from Pending UAT Deployment to Closed - End of life cycle

Issue closed in SCP.
