Its Not Yours, Its Ours - CVE-2025-27696 - Improper Authorization vulnerability in Apache Superset

In this blog post, I will explain a vulnerability that I found that allows low-privileged users to take ownership of published dashboards, charts, or datasets via the application's export and import functionalities, which lack a validation process during import. This flaw enables lower-privileged users to view and edit these resources and to dismiss their original owners. The post details my research journey, findings, and the potential implications of the vulnerability.

May 14, 2025 · 6 min

Bypassing old school captchas for fun!

In late September, I found a bypass for a strange captcha system on a website that belongs to a well-known telecommunications company in Portugal. I hope you like it!

March 26, 2025 · 10 min