Idor-ATO

This is a demo lab about a recent critical bug i found that resulted in ATO

The ATO was as a result of:

Idor in Email Change and Verification Endpoints
No ACL in Email Change
No ACL in Email Change Verification

How to Run the lab

Pre-Requisites

SMTP (GMAIL) creds [https://mailmeteor.com/blog/gmail-smtp-settings]
JWT Secret (just random values e.g cat walking on keyboard)
MongoDB database (get on here https://www.mongodb.com/)
nodejs installed locally (if you don't wanna use docker)

Running the web app Locally

clone this repo

git clone https://github.com/crypt0g30rgy/Idor-ATO.git

cd into directory

cd Idor-ATO

run npm install

npm i

run npm dev server

npm run dev

Running Web App in docker

// Testing

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
model		model
routes		routes
utils		utils
.dockerignore		.dockerignore
.env		.env
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
app.js		app.js
docker-compose.yaml		docker-compose.yaml
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Idor-ATO

How to Run the lab

Pre-Requisites

Running the web app Locally

Running Web App in docker

About

Uh oh!

Releases

Packages

Uh oh!

Languages

crypt0g30rgy/Idor-ATO

Folders and files

Latest commit

History

Repository files navigation

Idor-ATO

How to Run the lab

Pre-Requisites

Running the web app Locally

Running Web App in docker

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages