1

I'm researching URLs that I'm building against the unique URL that google docs create once you select and send a URL to anyone.

My URL looks like: https://example.com/?doc=abcd123)

  • Should I encode the variable doc in base64? Should it betoken alike
  • wherewith the id and a key that the other end needs to decrypt?
  • Whatis The security issue we are vulnerable to?
  • How exactly can an attacker exploit this vulnerability?
  • What do we need to do to fix the vulnerability?
alexmorgan.cr
  • 270
  • 6
  • 18

1 Answers1

1

The name of this potential vulnerability is insecure direct object references. Potential, because it is not possible to see out of the example you have provided if you are affected. Let me put an example here.

If you allow for unauthenticated doc=myexcel.xls then this is an insecure direct object reference and you are affected. Someone will come and try to fuzz doc into getting doc=sensitive.xls.

If you allow for authenticated and authorized doc=myexcel.xls then this is a secure direct object reference and this would be ok too.

If you allow for unauthenticated doc=efa64d43-cca2-444c-9bcf-9f78b114bda4 where efa64d43-cca2-444c-9bcf-9f78b114bda4 is a UUID type 4 containing 128 bits of entropy pointing to a file you wish to download, then this is insecure indirect object reference and this would be ok.

You can read more about potential prevention in OWASP Cheat Sheets.

Marek Puchalski
  • 3,286
  • 2
  • 26
  • 35