IDOR - Access to Private Resumes

Disclosed by mar0uane
  • Engagement: Indeed
  • Disclosed date: about 2 years ago
  • Reward: $250
  • Priority: P3 (Bugcrowd VRT priority rating)
  • Status: Resolved (accepted and fixed)
Summary by Indeed

An authorization flaw in the application was identified, where an endpoint for downloading the PDF of a 'public' resume could also be used to download a resume that was set to 'private' if you had a method to enumerate user resume ids.

Summary by mar0uane

IDOR based on the URL of the resume: all an attacker has to do is add /pdf/ to the URL to bypass it and see private resumes.
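As an added illustration of the bug class both summaries describe (this is constructed example code, not Indeed's application code and not the reporter's proof of concept): a PDF route that resolves a resume by id without the visibility check the normal view applies, beside a hardened handler that reuses one shared rule, plus a regression check a team could keep. The resume ids, owners and in-memory store are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Resume:
    resume_id: str
    owner_id: str
    is_public: bool
    pdf_bytes: bytes

# Constructed in-memory store: hypothetical ids, owners and content.
RESUMES: Dict[str, Resume] = {
    "r-1001": Resume("r-1001", "user-a", True, b"%PDF-1.4 public resume of user-a"),
    "r-1002": Resume("r-1002", "user-b", False, b"%PDF-1.4 private resume of user-b"),
}
NOT_FOUND: Tuple[int, bytes] = (404, b"")

def can_view(resume: Resume, requester_id: str) -> bool:
    # One visibility rule shared by every route that serves a resume:
    # the owner may always read it, anyone else only when it is public.
    return resume.is_public or resume.owner_id == requester_id

def download_pdf_vulnerable(resume_id: str, requester_id: str) -> Tuple[int, bytes]:
    # 'Before' pattern from the report: the /pdf/ route resolves the object by
    # id alone; the privacy flag the HTML view checks is never consulted here.
    resume = RESUMES.get(resume_id)
    if resume is None:
        return NOT_FOUND
    return (200, resume.pdf_bytes)

def download_pdf_fixed(resume_id: str, requester_id: str) -> Tuple[int, bytes]:
    # 'After' pattern: enforce can_view() on the PDF route too. A denied private
    # resume is answered like an unknown id, so the id's existence is not confirmed.
    resume = RESUMES.get(resume_id)
    if resume is None or not can_view(resume, requester_id):
        return NOT_FOUND
    return (200, resume.pdf_bytes)

def private_resumes_served_to(handler: Callable[[str, str], Tuple[int, bytes]],
                              requester_id: str) -> List[str]:
    # Regression check for this bug class: ids of private resumes not owned by
    # requester_id that `handler` still serves with 200. Empty means fixed.
    leaked: List[str] = []
    for resume in RESUMES.values():
        if can_view(resume, requester_id):
            continue
        status, _ = handler(resume.resume_id, requester_id)
        if status == 200:
            leaked.append(resume.resume_id)
    return leaked
```

The regression check is the part worth keeping in a test suite: run it against every route that serves the object (HTML view, PDF, JSON, export), since the flaw here was that only one of them applied the rule.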

Activity
  1. Kyle_indeed (Customer) published the disclosure report
  2. Jarvis (Customer) changed the state to Resolved
  3. mar0uane requested disclosure
  4. mar0uane sent a message
  5. r_indeed (Customer) sent a message
  6. mar0uane sent a message
  7. mar0uane sent a message
  8. r_indeed (Customer) changed the state to Unresolved
  9. r_indeed (Customer) rewarded mar0uane 10 points
  10. r_indeed (Customer) rewarded mar0uane $250
  11. r_indeed (Customer) sent a message
  12. cliff_bugcrowd changed the severity to P3
  13. cliff_bugcrowd changed the state to Triaged
  14. cliff_bugcrowd unmarked the submission as a duplicate
  15. cliff_bugcrowd sent a message
  16. r_indeed (Customer) resolved a blocker for Indeed by providing information on impact
  17. cliff_bugcrowd sent a message
  18. cliff_bugcrowd created a blocker on Indeed to provide information on impact
  19. mar0uane sent a message
  20. mar0uane sent a message
  21. cliff_bugcrowd sent a message
  22. mar0uane sent a message
  23. cliff_bugcrowd marked the submission a duplicate of a previously submitted report
  24. cliff_bugcrowd changed the state to Not applicable
  25. cliff_bugcrowd updated VRT to Broken Access Control (BAC) > Insecure Direct Object References (IDOR)
  26. cliff_bugcrowd sent a message
  27. mar0uane created the submission