Use of GET Request Method With Sensitive Query Strings in glpi-project/glpi
Oct 27th 2021
An authenticated user with a low-privilege role can obtain the list of users (employees) of a GLPI instance.
Proof of Concept
In this example we are logged in with the Intervenant role.
Steps to reproduce:
- Go to Assistance --> Planning.
- In the left-hand menu, next to the Plannings section, click the Plus (+) button.
- In the Actor field list, select User.
- In the User field list, select our own name (the currently connected user). Only that user is listed, and we can for example export a CSV file.
- Intercept the request with Burp Suite and change the user_id to another value. Repeating this with different values returns the planning of multiple users.
- In the Plannings section of the left-hand menu the list of those users now appears.
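The following is an added example, not GLPI's own code, illustrating the access-control failure behind the steps above: the server accepts the client-supplied user_id without checking that the session is allowed to see that user's planning. The user table, the session object, the right name "planning_all", and the log line format are all constructed assumptions for the demonstration. It shows the enumeration the PoC performs against a vulnerable handler and against a hardened one, plus a simple log check that flags a session requesting many distinct user_id values.

```python
"""Added example (not GLPI code): user_id trusted from the client vs. a
server-side ownership/right check, and a log-based detection of enumeration.
All data, names and formats below are constructed assumptions."""

import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample user table (assumption, not real GLPI data).
USERS = {
    1: {"name": "glpi", "planning": ["Ticket review"]},
    7: {"name": "tech", "planning": ["On-site visit"]},
    12: {"name": "normal", "planning": []},
    23: {"name": "post-only", "planning": ["Vacation"]},
}


@dataclass
class Session:
    user_id: int
    rights: set = field(default_factory=set)  # e.g. {"planning_all"} (assumed right name)


class Forbidden(Exception):
    """Raised by the hardened handler when the request is not authorized."""


def planning_vulnerable(session, params):
    """Returns the planning of whatever user_id the client sends.
    This is the behaviour the PoC abuses: session identity is never consulted."""
    uid = int(params["user_id"])
    user = USERS.get(uid)
    if user is None:
        return None
    return {"user_id": uid, "name": user["name"], "planning": user["planning"]}


def planning_hardened(session, params):
    """Same endpoint, but the requested user_id must be the session user unless
    the session holds an explicit right to view everyone's planning."""
    uid = int(params["user_id"])
    if uid != session.user_id and "planning_all" not in session.rights:
        raise Forbidden(f"user {session.user_id} may not view planning of user {uid}")
    user = USERS.get(uid)
    if user is None:
        return None
    return {"user_id": uid, "name": user["name"], "planning": user["planning"]}


def enumerate_users(handler, session, id_range):
    """Replays the PoC: iterate user_id and collect every name that comes back."""
    found = {}
    for uid in id_range:
        try:
            resp = handler(session, {"user_id": str(uid)})
        except Forbidden:
            continue
        if resp is not None:
            found[resp["user_id"]] = resp["name"]
    return found


# Constructed access-log excerpt (format and path are assumptions).
SAMPLE_LOG = """\
sess=a1 GET /planning?user_id=7
sess=a1 GET /planning?user_id=1
sess=a1 GET /planning?user_id=2
sess=a1 GET /planning?user_id=3
sess=b2 GET /planning?user_id=12
"""

_LOG_LINE = re.compile(r"sess=(\w+) GET \S*user_id=(\d+)")


def sessions_enumerating(log_text, threshold=3):
    """Sessions that requested at least `threshold` distinct user_id values,
    which is the signature of the Burp replay described in the steps."""
    seen = defaultdict(set)
    for m in _LOG_LINE.finditer(log_text):
        seen[m.group(1)].add(int(m.group(2)))
    return {s: sorted(ids) for s, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    me = Session(7)
    print("vulnerable:", enumerate_users(planning_vulnerable, me, range(1, 30)))
    print("hardened:  ", enumerate_users(planning_hardened, me, range(1, 30)))
    print("suspicious:", sessions_enumerating(SAMPLE_LOG))
```

The hardened handler is the relevant fix pattern: the check compares the requested object against the authenticated session (or an explicit right), rather than trusting a parameter the client controls. The log check gives a defender a simple way to spot the replay even before the code is fixed.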
# Impact
Disclosure of sensitive information: the usernames of the instance. An attacker can use them to brute-force passwords and gain access to other accounts.