MRS #2: Bypassing premium features by checking “premium validation” parameters (€€€)
2024-3-15 20:53:24 Author: infosecwriteups.com(查看原文) 阅读量:10 收藏

Hi team,

It is a premium feature for users to add notes to an asset they create.

However, I found a Business Logic vulnerability that allows users to use this feature even if they are not premium.

Steps

1- Go to redacted application and click the my assets button. https://redacted.com/MyAssets
2-Click on the add Assets button and create a new item, complete the whole process. During this process, you will not be able to add a note to the Additionnals Information (Notes) field.

“This feature is only avaible for Premium users”

3- When the asset creation process is completed, you will see a summary area like the one below. Since you’re not a premium user, you will not be able to intervene in this area.

4- Now go back to the My Assets area and open Burp Suite (Intercept), click on the arrow sign to edit the item you created.

5- You will see a request of the following type, view the response to the request and change the premium:false parameter to premium:true. Submit the request.

Relevant request.
Response of relevant request.

6- Go back to the page and click on the edit button, you will now be able to directly change the Additionnals informations field. Click on the save button and you will see that you have added notes permanently, even if it is a premium feature.

“Additionnals informations” arena has been changed as “testtest”.
The changes has been successfully completed.

Adding notes to any asset is a premium feature, but we can bypass this via the premium: parameter in the body part of the request. The notes field will be added permanently.


文章来源: https://infosecwriteups.com/mrs-2-bypassing-premium-features-by-checking-premium-validation-parameters-f2e211fad160?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh