Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Multiple Authorization Bypass Issues in Google Richmedia Studio - 430

Zohar Shachar - Posted 4 Years Ago
  • Richmedia Studio is a platform used to manage online advertisement campaigns. This includes HTML pages, videos, pictures and other assets.
  • The first vulnerability was an IDOR on the pictures uploaded for a 'preview'. The request required no authentication (it's on another domain) and only had two random values. The first one was correlated with the user account's ID and the second was the upload time. Using this IDOR, it was trivial to find other assets on the application.
  • The platform supports multiple user levels, including an administrator on the site. With a user that has NO access to anything, a single forced browsing technique could be used to see the campaigns. To make matters worse, this could be used to see campaigns in other accounts!
  • The author claimed that cross-account campaign viewing did not work for admin-to-admin accounts. For some reason, a user with no permissions at all could see the items both cross-account and in their own account with forced browsing. This appears to be an odd "fail to true" bug.
  • The author found several more IDORs for campaign information and authorization issues, but does not elaborate on them much.
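
The pattern in the campaign-viewing bullets (admin-to-admin blocked, permissionless user allowed everywhere) is what an authorization check that defaults to "allow" produces. The sketch below is an added example, not code from Richmedia Studio or the original write-up: the roles, IDs and function names are hypothetical, and the fall-through default is an assumed cause. It shows the fail-open check beside a deny-by-default one, with a permission-matrix audit that exposes the difference.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Set, Tuple


@dataclass(frozen=True)
class User:
    name: str
    account_id: int
    role: Optional[str]  # None models a user with no permissions assigned


@dataclass(frozen=True)
class Campaign:
    campaign_id: int
    account_id: int


def can_view_fail_open(user: User, campaign: Campaign) -> bool:
    """Buggy (assumed cause): known roles are tenant-checked, anything else is allowed."""
    if user.role in ("admin", "editor"):
        return user.account_id == campaign.account_id
    return True  # unhandled role, including None, falls through to "allow"


def can_view_fail_closed(user: User, campaign: Campaign) -> bool:
    """Hardened: tenant check applies to everyone, then an explicit role allow-list."""
    if user.account_id != campaign.account_id:
        return False
    return user.role in {"admin", "editor"}


def audit(check: Callable[[User, Campaign], bool]) -> Set[Tuple[str, int]]:
    """Run a check over a constructed user x campaign matrix; return allowed pairs."""
    users = [
        User("admin_a", 1, "admin"),
        User("admin_b", 2, "admin"),
        User("noperm_b", 2, None),
    ]
    campaigns = [Campaign(100, 1), Campaign(200, 2)]
    return {(u.name, c.campaign_id) for u in users for c in campaigns if check(u, c)}


if __name__ == "__main__":
    print("fail-open allows:  ", sorted(audit(can_view_fail_open)))
    print("fail-closed allows:", sorted(audit(can_view_fail_closed)))
```

Running the same matrix against every role, including the "no role" case, is the regression test that catches this class of bug before release.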