Lately, I have been doing a manual review of a web application designed using python-flask, Polymer JS and node.js. I was able to retrieve both access-token since it was base64 encoded. The application developers say they have not exposed the API endpoints.

So with the GET request I can view a JSON formatted file in the web browser; the data section contains the base64 encoded request, which looks like this (after UTF-8 HTML decoding it looks like):

I tried sending it with a different username instead of demouser and I got a 302 response. I'm using ZAP for testing. I want to know what the impact of this vulnerability would be in such a scenario, and is there a way I can replay this API GET request outside the application (logged-in) context? Thanks.
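Added example, not part of the question or of the application being reviewed: the core risk in a token that is merely base64 encoded is that base64 is an encoding, not a signature, so anyone holding the token can decode it, edit a field such as the username and re-encode it, and the server has no way to tell. The code below (Python standard library only; the secret key, claim names and token layout are constructed assumptions, since the question shows neither the real payload nor the server code) issues a token whose base64url body is bound to an HMAC-SHA256 tag, and shows that the same username-swap the question describes is rejected once the server verifies the tag before trusting any claim.

```python
import base64
import hashlib
import hmac
import json

# Constructed assumption: a server-side secret the real application would load
# from configuration. It must never reach the client.
SECRET_KEY = b"example-secret-do-not-reuse"


def b64url_encode(raw: bytes) -> str:
    """base64url without padding, the usual wire form for tokens."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore padding and decode; raises ValueError on malformed input."""
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def _canonical(claims: dict) -> bytes:
    # Stable serialisation so the same claims always produce the same tag.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_token(claims: dict) -> str:
    """Encode claims as base64url JSON and append an HMAC-SHA256 tag over the body."""
    body = b64url_encode(_canonical(claims))
    tag = hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(tag)}"


def verify_token(token: str):
    """Return the claims only if the tag matches the body; otherwise None.

    The tag is checked before the body is decoded or trusted, and the
    comparison is constant-time to avoid leaking how many bytes matched.
    """
    try:
        body, tag_text = token.split(".", 1)
        expected = hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(tag_text)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        # Covers bad base64, missing separator and invalid JSON.
        return None


def swap_username(token: str, new_username: str) -> str:
    """Test helper reproducing the edit from the question: decode the body,
    change the username, re-encode, and keep the original tag."""
    body, tag_text = token.split(".", 1)
    claims = json.loads(b64url_decode(body))
    claims["username"] = new_username
    return f"{b64url_encode(_canonical(claims))}.{tag_text}"


def demo():
    """Issue a token for demouser and check both the genuine and the edited copy."""
    token = issue_token({"username": "demouser", "role": "user"})
    genuine = verify_token(token)                       # claims dict
    edited = verify_token(swap_username(token, "otheruser"))  # None: tag mismatch
    return genuine, edited


if __name__ == "__main__":
    print(demo())
```

The server side of this pattern is the point: a response code such as a 302 says nothing about whether the edited token was accepted, so the endpoint must call something like `verify_token` and treat `None` as unauthenticated. Libraries such as `itsdangerous` (which Flask itself uses for session cookies) implement the same signed-token idea with expiry built in; the hand-rolled version above only exists to make the check visible.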