Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis

Valid

Reported on

Apr 29th 2022


Description

Attacker can be able to download file from system.

Proof of Concept

1.Login as student - > Go to GRADES -> Assignments -> Submit a file to a random assignment -> save.

2.Attacker (with or without account) can be able to download through this URL https://www.rosariosis.org/demonstration/assets/AssignmentsFiles/2021/Quarter7/Teacher2/mathematics%206_1_student%20s%20student_2022-04-29%2003_50_45.zip.

3.The name of a file will be created with format {COURSE_TITLE}_{student_name}_{timestamp}_.{file_ext} -> Easy to bruteforce.

Way to fix

  • There are two ways to fix this issue:
  • Change name format to harder way to predict.

  • Require permission in download file function.

Impact

This vulnerability is capable of Exposure of Sensitive Information to an Unauthorized Actor

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. a month ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back a month ago
François Jacquet validated this vulnerability a month ago
dungtuanha has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet confirmed that a fix has been merged on d6e4da a month ago
François Jacquet has been awarded the fix bounty
to join this conversation