Share
## https://sploitus.com/exploit?id=PACKETSTORM:177804
Exploit Title: Broken Access Control - on NodeBB v3.6.7  
  
Date: 22/2/2024  
  
Exploit Author: Vibhor Sharma  
  
Vendor Homepage: https://nodebb.org/  
  
Version: 3.6.7  
  
Description:  
  
I identified a broken access control vulnerability in nodeBB v3.6.7,  
enabling attackers to access restricted information intended solely  
for administrators. Specifically, this data is accessible only to  
admins and not regular users. Through testing, I discovered that when  
a user accesses the group section of the application and intercepts  
the response for the corresponding request, certain attributes are  
provided in the JSON response. By manipulating these attributes, a  
user can gain access to tabs restricted to administrators. Upon  
reporting this issue, it was duly acknowledged and promptly resolved  
by the developers.  
  
  
  
Steps To Reproduce:  
1) User with the least previlages needs to neviagte to the group section.  
2) Intercept the response for the group requets.  
3) In the response modify the certian paramters : "  
*"system":0,"private":0,"isMember":true,"isPending":true,"isInvited":true,"isOwner":true,"isAdmin":true,  
**" *".  
4) Forward the request and we can see that attacker can access the  
restricted information.  
  
*Impact:*  
Attacker was able to access the restricted tabs for the Admin group  
which are only allowed the the administrators.