Google Data Studio Insecure Direct Object Reference ($3133.70 USD)

We discussed this vulnerability during Episode 163 on 31 October 2022

Straight forward IDOR, but the vulnerable feature is somewhat hidden. Within Google Data Studio you have an option to create a template and then perhaps add that template to the report, it is the process of persisting that template in a report that is vulnerable to IDOR.

When you go to add the new/temporary template to a report a request to /persistTempReport will be made with a sourceReportId. This identifer does not have any authorization checks and can point to any report.