The CVE-2024-4761 vulnerability in EverShop is an Insecure Direct Object Reference (IDOR) flaw in the GraphQL order resolver. The `Order.resolvers.js` file contains a function that serves order queries using a user-supplied `uuid` argument. That `uuid` is used directly as the lookup key for the order record, with no authorization check in between. An attacker can change the `uuid` argument in the GraphQL request and retrieve orders that belong to other users. The root cause is that the application never verifies that the currently authenticated user is permitted to view the order identified by the supplied `uuid`. A malicious actor can therefore iterate over `uuid` values and read sensitive order data, which is a broken access control weakness.
Platform: EverShop
Version: <=2.0.1
Vulnerability: IDOR
Severity: Critical
Date: 2024-10-16
Prediction: Patch Q4 2024
What Undercode Say:
curl -X POST http://target.com/graphql -H "Content-Type: application/json" -d '{"query":"query { order(uuid: \"ATTACKER_UUID\") { items { name } } }"}'
// Order.resolvers.js - Vulnerable Code Snippet
// `uuid` is taken straight from the GraphQL argument and used as the lookup key.
const getOrder = async (_, { uuid }, context) => {
  // Missing authorization check here: `context` (the caller's identity) is never consulted.
  return await OrderModel.findOne({ where: { uuid } });
};
How to Exploit:
Manipulate GraphQL `uuid` parameter.
Protection from this CVE:
Implement authorization checks: before returning an order, verify that the authenticated user in `context` owns it (or holds an admin role).
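The vulnerable resolver from the page beside a hardened one that enforces ownership, as an added example that is not EverShop's own code. It assumes a `context.user` object of shape `{ id, isAdmin }` and an ORM-style `findOne({ where })`; the in-memory `OrderModel`, order uuids and customer ids are constructed stand-ins.

```javascript
// Added example, not EverShop's code: in-memory stand-in for OrderModel plus
// the page's vulnerable resolver beside a hardened one that enforces ownership.
// Sample orders, uuids and customer ids are constructed placeholders.
const ORDERS = [
  { uuid: 'order-aaaa', customer_id: 1, items: [{ name: 'Keyboard' }] },
  { uuid: 'order-bbbb', customer_id: 2, items: [{ name: 'Monitor' }] },
];

// Minimal ORM-style findOne({ where }) so the example runs offline:
// every key in `where` must match the row, mirroring a WHERE a=.. AND b=.. query.
const OrderModel = {
  async findOne({ where }) {
    const row = ORDERS.find((o) =>
      Object.entries(where).every(([k, v]) => o[k] === v)
    );
    return row || null;
  },
};

// Vulnerable shape from the page: the caller-supplied uuid alone selects the row.
const getOrderVulnerable = async (_, { uuid }) =>
  OrderModel.findOne({ where: { uuid } });

// Hardened resolver. Assumed context shape: { user: { id, isAdmin } }.
// The ownership condition is part of the query itself, so a uuid that belongs
// to someone else is indistinguishable from one that does not exist (no oracle).
const getOrderSecure = async (_, { uuid }, context) => {
  const user = context && context.user;
  if (!user) {
    throw new Error('Unauthenticated');
  }
  if (typeof uuid !== 'string' || uuid.length === 0) {
    throw new Error('Invalid uuid');
  }
  const where = user.isAdmin ? { uuid } : { uuid, customer_id: user.id };
  return OrderModel.findOne({ where });
};

// Side-by-side run: customer 2 requests customer 1's order through each resolver.
async function demo() {
  const bob = { user: { id: 2, isAdmin: false } };
  const leaked = await getOrderVulnerable(null, { uuid: 'order-aaaa' }, bob);
  const blocked = await getOrderSecure(null, { uuid: 'order-aaaa' }, bob);
  return { leakedOwner: leaked ? leaked.customer_id : null, blocked: blocked === null };
}
```

`demo()` resolves to `{ leakedOwner: 1, blocked: true }`: the original resolver hands customer 2 an order owned by customer 1, while the hardened one returns null for the same request.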
Impact:
Unauthorized data access.
Sources:
Reported By: github.com