POC详情: d16b0f73b5351e78dee02afd6aad0f093fcf8a51

来源
https://github.com/ktr4ck3r/CVE-2025-52389
关联漏洞
标题: Envasadora H2O Soda Cristal 安全漏洞 (CVE-2025-52389)
描述:Envasadora H2O Soda Cristal是巴西Envasadora H2O公司的一个应用程序。 Envasadora H2O Soda Cristal v40.20.4版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致敏感数据泄露。
描述
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows unauthenticated attackers to access sensitive data for other users via a crafted HTTP request.
介绍
# CVE-2025-52389
# Description
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows unauthenticated attackers to access sensitive data for other users via a crafted HTTP request.
# Version
app.sodacristal - 40.20.4
## Proof of Concept
When accessing the customer's contract at https://www.app.sodacristal.com/contrato/#contract_number# you can change the number so you can see another customer's contract.
To make the filter easier you can use burp suite and filter by site length.
文件快照

 [4.0K]  /data/pocs/d16b0f73b5351e78dee02afd6aad0f093fcf8a51
└── [ 529]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。