Hi Everyone,
Few days back I was testing an application which allows users to create a web for them. I tested it for few days and found some critical vulnerabilities in it.
So consider this web application as target.com.
This application allows to create a web and we can install the templates that are available in the applications template store. There was also an option to create our own template.
So I started creating my own templates. These templates wont show up in the store as these are private templates and not Public. There was no option available to the user to create a Public template for security reason.
When I was creating a template I saw an api with a parameter "isPublic" which was set to false.
Ok, This looks interesting.
I didn't have any idea at that moment why is that parameter being sent and that I cannot create a Public template.
I changed false to true and resumed my testing. After few moments I went to the template store just to check which templates are available and was excited to see my template there.
There I knew this was something critical.
My theme would be shown to every user who creates an account with target.com.
I created a PoC with a template name "Target.com is not secure" to show the impact of the issue. This would mean that business of that application would be at risk.
The issue got fixed in a few hours.
