Unauthenticated book download and view details in kareadita/kavita
Aug 7th 2022
An unauthenticated user can download any book in the system, view its details and resources, and retrieve its individual pages, because these operations perform no authentication or authorization check.
Unauthenticated book operations list:
1 - Download any book via the
2 - Get information of any book via the
3 - Get all the resources of any book via the /api/book/<book-id>/book-resources endpoint.
4 - Get all the chapters of any book via the
5 - Get individual pages of any book via the
6 - Get page image of any book via the
Proof of Concept
- 1 - Send the following request, where <chapterID> is the id of the target book.

    GET /api/reader/pdf?chapterId=<chapterID>
    Host: localhost:5000

- 2 - The book is downloaded successfully.
An unauthenticated user can download every book in the application and retrieve the related book information without holding the permissions required to do so.
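For operators reviewing whether the two endpoints named above were served to clients that presented no credentials, the following log check is an added example and is not part of the original report or of Kavita's code. It assumes a reverse-proxy log format (hypothetical) that records whether an Authorization header was present, a numeric <book-id>, and sample lines constructed for illustration.

```python
import re
from collections import defaultdict

# Endpoints named in the advisory; a numeric <book-id> is an assumption.
SENSITIVE = [
    re.compile(r"^/api/reader/pdf$"),
    re.compile(r"^/api/book/\d+/book-resources$"),
]

# Assumed proxy log format: ip "METHOD target" status bytes auth=<present|->
LINE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) auth=(?P<auth>\S+)$'
)

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 "GET /api/reader/pdf?chapterId=1" 200 5242880 auth=-
192.0.2.10 "GET /api/reader/pdf?chapterId=2" 200 4194304 auth=-
192.0.2.10 "GET /api/book/2/book-resources" 200 1834 auth=-
198.51.100.7 "GET /api/reader/pdf?chapterId=1" 200 5242880 auth=present
203.0.113.5 "GET /api/reader/pdf?chapterId=9" 401 0 auth=-
203.0.113.5 "GET /some/other/path" 200 310 auth=-
"""

def is_sensitive(target):
    """True if the request path (query string removed) is a listed endpoint."""
    path = target.split("?", 1)[0]
    return any(p.match(path) for p in SENSITIVE)

def find_unauthenticated_hits(log_text):
    """Return {client_ip: [targets]} for 2xx responses served without credentials."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        served = m["status"].startswith("2")
        if served and m["auth"] == "-" and is_sensitive(m["target"]):
            hits[m["ip"]].append(m["target"])
    return dict(hits)

if __name__ == "__main__":
    for ip, targets in find_unauthenticated_hits(SAMPLE_LOG).items():
        print(f"{ip}: {len(targets)} unauthenticated book request(s)")
        for t in targets:
            print(f"  {t}")
```

A 401 on these paths without credentials is the expected behaviour, so only 2xx responses are reported.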