The UI Performs the Wrong Action in kcal-app/kcal

Valid

Reported on

Sep 27th 2021

Description

Sensitive Data can be exposed even after logouting the application due to ui wrong action

Proof of Concept

1) login to the application dashboard (http://demo.kcal.cooking/)
2)  Goto Any pages ( recipes,foods )
3) Click logout
4) Click browser back button

Application structure exposed  we can still search for foods

Impact

Any other user can view the data if browser tab remains unclosed after logouting. application must striclty redirect to login page even browser back button is pressed,

We have contacted a member of the kcal-app/kcal team and are waiting to hear back 2 years ago

Christopher Charbonneau Wells validated this vulnerability 2 years ago

0xdhinu has been awarded the disclosure bounty

The fix bounty is now up for grabs

Christopher Charbonneau Wells marked this as fixed with commit 419fcc 2 years ago

Christopher Charbonneau Wells has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation