Google Data Studio Insecure Direct Object Reference ($3133.70 USD)
Original Post:
We discussed this vulnerability during Episode 163 on 31 October 2022
Straight forward IDOR, but the vulnerable feature is somewhat hidden. Within Google Data Studio you have an option to create a template and then perhaps add that template to the report, it is the process of persisting that template in a report that is vulnerable to IDOR.
When you go to add the new/temporary template to a report a request to /persistTempReport
will be made with a sourceReportId
. This identifer does not have any authorization checks and can point to any report.