Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-52389 PoC — Envasadora H2O Soda Cristal 安全漏洞

Source
https://github.com/ktr4ck3r/CVE-2025-52389
Associated Vulnerability
Title:Envasadora H2O Soda Cristal 安全漏洞 (CVE-2025-52389)
Description:Envasadora H2O Soda Cristal是巴西Envasadora H2O公司的一个应用程序。 Envasadora H2O Soda Cristal v40.20.4版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致敏感数据泄露。
Description
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows unauthenticated attackers to access sensitive data for other users via a crafted HTTP request.
Readme
# CVE-2025-52389
# Description
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows unauthenticated attackers to access sensitive data for other users via a crafted HTTP request.
# Version
app.sodacristal - 40.20.4
## Proof of Concept
When accessing the customer's contract at https://www.app.sodacristal.com/contrato/#contract_number# you can change the number so you can see another customer's contract.
To make the filter easier you can use burp suite and filter by site length.
File Snapshot

 [4.0K]  /data/pocs/d16b0f73b5351e78dee02afd6aad0f093fcf8a51
└── [ 529]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.