Leaking password protected articles content due to improper access control in publify/publify
Apr 10th 2022
Any user who can publish an article can protect it with a password before publishing, so a valid password is required to view the article's contents. When a request is made to the article at /2022/04/10/<article-title>, the UI shows that a password is required to view the content, but the content of the article is leaked in the meta tags of the response.
Proof of Concept
Steps to Reproduce:
- Log in to the app as Admin, create an article, protect it with a password, and publish it
- Now, log in as a demo user and navigate to the newly published article. You can see the UI shows it requires a password to view.
- But the content of the article is already leaked in the meta tags of the response body
Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising the confidentiality and integrity of users.
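A regression check for the leak described in this report, written as an added example (it is not code from the report or from Publify). It flags any meta tag in a rendered page whose content repeats a run of words from the protected article body. The sample pages, the body text and the meta tag names are constructed for illustration; the report does not say which meta tags carried the content.

```ruby
require "cgi"

# Decode entities, collapse whitespace and case so excerpts compare reliably.
def normalize(text)
  CGI.unescapeHTML(text).gsub(/\s+/, " ").strip.downcase
end

# Return [name, content] pairs for every <meta> tag with a content attribute.
def meta_contents(html)
  html.scan(/<meta\b[^>]*>/i).filter_map do |tag|
    content = tag[/\bcontent\s*=\s*"([^"]*)"/i, 1] || tag[/\bcontent\s*=\s*'([^']*)'/i, 1]
    name = tag[/\b(?:name|property)\s*=\s*["']([^"']*)["']/i, 1] || "(unnamed)"
    [name, content] if content
  end
end

# Names of meta tags whose content repeats `window` consecutive words of the
# protected body. A word window catches truncated excerpts, not only full copies.
def leaking_meta_tags(html, protected_body, window: 5)
  body = normalize(protected_body)
  meta_contents(html).select do |_name, content|
    words = normalize(content).split(" ")
    words.each_cons(window).any? { |run| body.include?(run.join(" ")) }
  end.map(&:first)
end

# Constructed sample data (not taken from a real Publify response).
BODY = "The quarterly figures will be announced to staff on Friday, before the public release."

VULNERABLE_PAGE = <<~HTML
  <html><head><title>Quarterly update</title>
  <meta name="description" content="The quarterly figures will be announced to staff on Friday, before...">
  <meta property="og:description" content="figures will be announced to staff">
  <meta property="og:title" content="Quarterly update">
  </head><body><form><input type="password" name="password"></form></body></html>
HTML

FIXED_PAGE = <<~HTML
  <html><head><title>Quarterly update</title>
  <meta name="description" content="This article is password protected.">
  <meta property="og:title" content="Quarterly update">
  </head><body><form><input type="password" name="password"></form></body></html>
HTML

puts "vulnerable page leaks via: #{leaking_meta_tags(VULNERABLE_PAGE, BODY).inspect}"
puts "fixed page leaks via: #{leaking_meta_tags(FIXED_PAGE, BODY).inspect}"
```

Run it against the response an unauthenticated or low-privilege session receives for a protected article, passing the article body known to the test fixture.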
I can reproduce this, thanks!
Hi Matijs, I have more vulnerabilities to report and discuss. Can you please share a contact where I can reach you quickly without this long delay? I'm really excited to work with you.
Hi Mahendra, this platform is the quickest way to reach me.