Nikhil Thakur
May 10, 2024

Insecure Direct Object References *CVE-2024-33818*

SpeechLog v.8.1 — Resource Injection

Discovered by: Nikhil Thakur

######################################################################################
# Application Name : SpeechLog v.8.1
# Author: Mr. Nikhil Thakur
# Vendor Homepage: https://www.globitel.com/
# Version: 8.1
# Tested on: Latest version of Chrome, Firefox on Windows and Linux.
# CVE: CVE-2024-33818
######################################################################################

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly.
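The pattern in that sentence, reduced to code, is an added illustration and not SpeechLog's or Globitel's source: a lookup keyed purely on the query parameter, beside the same lookup with an ownership check and a response that omits sensitive fields. The user table, session model and field names are constructed for the example; only the two user IDs come from the write-up.

```python
# Added example (not SpeechLog's code): a minimal model of the IDOR pattern and
# the authorization check that closes it.
from dataclasses import dataclass, asdict
from typing import Optional


@dataclass(frozen=True)
class User:
    user_id: int
    username: str
    email: str
    password_hash: str  # never belongs in an API response
    role: str           # "user" or "admin"


# Constructed sample data: the IDs 3927 and 3924 are the ones named in the
# write-up, everything else is made up for the example.
USERS = {
    3927: User(3927, "alice", "alice@example.invalid", "$2b$12$constructed-hash-1", "user"),
    3924: User(3924, "bob", "bob@example.invalid", "$2b$12$constructed-hash-2", "user"),
    1: User(1, "admin", "admin@example.invalid", "$2b$12$constructed-hash-3", "admin"),
}


@dataclass(frozen=True)
class Session:
    """What the server knows about the caller after login (hypothetical shape)."""
    user_id: int
    role: str


class Forbidden(Exception):
    pass


def get_user_vulnerable(session: Session, requested_id: int) -> Optional[dict]:
    """Mirrors /api/User/Get?userID=...: the session only proves that *someone*
    is logged in; the row named by the query parameter is then returned
    verbatim, password field included."""
    user = USERS.get(requested_id)
    return asdict(user) if user else None


PUBLIC_FIELDS = ("user_id", "username", "email")


def is_allowed(session: Session, requested_id: int) -> bool:
    """Object-level authorization: callers may read their own record, admins any."""
    return session.role == "admin" or session.user_id == requested_id


def get_user_hardened(session: Session, requested_id: int) -> Optional[dict]:
    """Same lookup with two fixes: the object reference is checked against the
    caller's identity before the row is read, and only non-sensitive fields
    are serialised."""
    if not is_allowed(session, requested_id):
        raise Forbidden(f"session user {session.user_id} may not read user {requested_id}")
    user = USERS.get(requested_id)
    if user is None:
        return None
    record = asdict(user)
    return {k: record[k] for k in PUBLIC_FIELDS}


if __name__ == "__main__":
    low_priv = Session(user_id=3924, role="user")
    print(get_user_vulnerable(low_priv, 3927))  # another user's full record leaks
    print(get_user_hardened(low_priv, 3924))    # own record, no password field
    try:
        get_user_hardened(low_priv, 3927)
    except Forbidden as exc:
        print("blocked:", exc)
```

The check belongs next to every object lookup that takes a client-supplied identifier, not in a single login gate. Many APIs also answer a failed ownership check with the same status as a missing record so that the endpoint does not confirm which IDs exist.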

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR).

Reproduction Steps:

  • Step 1: Log in to the SpeechLog application at “https://speechlog.localhost.com/SpeechLog/”
  • Step 2: Intercept the traffic through the proxy tool “BurpSuite”
  • Step 3: In the intercepted requests, look for this HTTP request: https://speechlog.localhost.com/Speechlog/api/User/Get?userID=xxxx&Username=null&WaitingAuditor=false&Email=null
  • Step 4: A least-privileged user can obtain any registered user's information simply by changing the value of the “userID=xxxx” parameter.
  • Step 5: After replacing the xxxx value with 3927 and 3924, the API returns the complete information for userID=3927 and userID=3924.
    [Screenshot: API response for UserID=3927]
    [Screenshot: API response for UserID=3924]
  • Step 6: This discloses registered users' names, usernames, emails, passwords, etc.
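For the defending side, the steps above have a clear footprint: one session requesting the User/Get endpoint with userID values that are not its own, often several in a row. The following is an added example, not part of the write-up or any Globitel tooling, that runs that check over constructed access-log lines. The log format (common log format with an appended `sess=` field) and the session-to-owner mapping are assumptions made for the example; the endpoint path and parameter names are the ones from the request above.

```python
# Added example (not SpeechLog's code): spotting IDOR-style reads of
# /Speechlog/api/User/Get in web-server access logs.
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed log lines. The trailing "sess=<id>" field is an assumption: a
# real deployment would get the session id from its own application log.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2024:10:00:01 +0000] "GET /Speechlog/api/User/Get?userID=3924&Username=null&WaitingAuditor=false&Email=null HTTP/1.1" 200 512 sess=abc
10.0.0.5 - - [10/May/2024:10:00:09 +0000] "GET /Speechlog/api/User/Get?userID=3927&Username=null&WaitingAuditor=false&Email=null HTTP/1.1" 200 514 sess=abc
10.0.0.5 - - [10/May/2024:10:00:12 +0000] "GET /Speechlog/api/User/Get?userID=3928&Username=null&WaitingAuditor=false&Email=null HTTP/1.1" 200 509 sess=abc
10.0.0.7 - - [10/May/2024:10:01:00 +0000] "GET /Speechlog/api/User/Get?userID=4101&Username=null&WaitingAuditor=false&Email=null HTTP/1.1" 200 511 sess=def
10.0.0.7 - - [10/May/2024:10:01:30 +0000] "GET /Speechlog/api/Call/List HTTP/1.1" 200 2048 sess=def
"""

# Which user each session belongs to, as the login records would show (constructed).
SESSION_OWNER = {"abc": 3924, "def": 4101}

USER_GET_PATH = "/Speechlog/api/User/Get"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ sess=(?P<sess>\S+)$'
)


def parse_line(line: str):
    """Split one access-log line into fields; None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def requested_user_ids(log_text: str, path: str = USER_GET_PATH):
    """Yield (session, userID) for every well-formed request to the endpoint."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"].lower() != path.lower():
            continue
        uid = rec["query"].get("userID")
        if uid is None or not uid.isdigit():
            continue
        yield rec["sess"], int(uid)


def find_cross_user_reads(log_text: str, session_owner: dict):
    """(session, userID) pairs where a session fetched a record other than its own.
    Needs the session-to-owner mapping; this is the precise signal for IDOR."""
    return [(sess, uid) for sess, uid in requested_user_ids(log_text)
            if session_owner.get(sess) != uid]


def find_enumerating_sessions(log_text: str, threshold: int = 3):
    """Sessions that requested at least `threshold` distinct userID values.
    A coarser signal that works without knowing who owns each session."""
    seen = defaultdict(set)
    for sess, uid in requested_user_ids(log_text):
        seen[sess].add(uid)
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print("cross-user reads:", find_cross_user_reads(SAMPLE_LOG, SESSION_OWNER))
    print("enumerating sessions:", find_enumerating_sessions(SAMPLE_LOG))
```

The owner-based check is the one to alert on; the distinct-ID count is a fallback when the proxy or web-server log carries no identity, and it should be tuned against legitimate admin usage before it is paged on.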

**Many Thanks to Globitel KSA Team for mitigating this Vulnerability…:)**