An authenticated user is able to view or modify resources, and to perform functions, that they have not been authorized for, at various points in the application (an insecure direct object reference: the server checks that the user is logged in but not that the user is entitled to the specific object named in the request). Here is one example of many throughout the application:
- URL: xxx/html/en/default/reportTemplate/viewReport.jsp?reportTemplId=134176&showAddToBookmark=true&tririgasecuritytoken=hKIDzi5SpjthHSgSSuzYJPN
Steps to replicate:
- 1. Log in to the application.
- 2. Navigate to My Reports.
- 3. Click the “Run Report” symbol for any existing report.
- 4. Intercept the request with a proxy tool and change the value of the reportTemplId parameter to 134186, the ID of a report template the logged-in user has not been granted access to. The report for the modified ID is returned.
Again, this is only one of many places in the application where the issue can be seen; the same per-object entitlement check is missing wherever a record is addressed by its numeric ID.
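To make the failure concrete, the following is an added example (not TRIRIGA's code and not the tester's script) that models the report-viewing endpoint in Python: a vulnerable handler that only authenticates and then trusts reportTemplId, a hardened handler that also checks the user's entitlement to the requested template, and a differential probe that automates step 4 of the replication above by comparing what two users receive for the same ID. The report store, user names and the shared-with list are constructed assumptions; the two template IDs mirror the ones in the finding.

```python
# Added example: object-level authorization on a "view report" endpoint.
# Names, users and report data below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class ReportTemplate:
    template_id: int
    owner: str                 # user who created the report
    shared_with: frozenset     # users explicitly granted access
    body: str


# Constructed sample store; IDs 134176 and 134186 mirror the advisory text.
REPORTS = {
    134176: ReportTemplate(134176, "alice", frozenset(), "alice's sales report"),
    134186: ReportTemplate(134186, "bob", frozenset({"carol"}), "bob's HR report"),
}


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def view_report_vulnerable(session_user: str, template_id: int) -> str:
    """Authenticates (a session must exist) and then trusts reportTemplId.

    This is the pattern behind the finding: any logged-in user can request
    any template ID, because there is no check that the user may see it.
    """
    if not session_user:
        raise Forbidden("login required")
    report = REPORTS.get(template_id)
    if report is None:
        raise NotFound(template_id)
    return report.body  # no entitlement check on the requested object


def can_view(user: str, report: ReportTemplate) -> bool:
    """Entitlement rule: owner or explicitly shared-with user."""
    return user == report.owner or user in report.shared_with


def view_report_fixed(session_user: str, template_id: int) -> str:
    """Same endpoint with the per-object authorization check added."""
    if not session_user:
        raise Forbidden("login required")
    report = REPORTS.get(template_id)
    # Return the same error for "does not exist" and "not entitled" so the
    # ID space cannot be enumerated by telling a 404 apart from a 403.
    if report is None or not can_view(session_user, report):
        raise NotFound(template_id)
    return report.body


def idor_probe(handler, victim_user: str, attacker_user: str, template_id: int) -> bool:
    """Differential test: does the attacker receive the victim's object?

    Mirrors the proxy step in the replication: request the ID as the
    legitimate user, then as a user who should not have it, and compare.
    """
    try:
        expected = handler(victim_user, template_id)
    except (Forbidden, NotFound):
        return False  # victim cannot see it either; nothing to compare
    try:
        got = handler(attacker_user, template_id)
    except (Forbidden, NotFound):
        return False  # attacker correctly refused
    return got == expected


if __name__ == "__main__":
    # alice tampers the ID to bob's template, as in step 4 of the finding.
    print("vulnerable leaks:", idor_probe(view_report_vulnerable, "bob", "alice", 134186))
    print("fixed leaks:     ", idor_probe(view_report_fixed, "bob", "alice", 134186))
```

The probe is the shape of a regression check for a fix like the one described at the end of this finding: run it for every endpoint that takes a record ID, with a second account that owns nothing, rather than only for the one report page where the issue was first observed.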
A privilege escalation on running reports has been mitigated.