Exploits / Vulnerability Discovered : 2024-04-21 |
Type : webapps |
Platform : typescript
This exploit / vulnerability Flowise 1.6.5 authentication bypass is for educational purposes only and if it is used you will do on your own risk!
puts authentication middleware for all the endpoints with path /api/v1
except a few whitelisted endpoints. But the code does check for the case
sensitivity hence only checks for lowercase /api/v1 . Anyone modifying the
endpoints to uppercase like /API/V1 can bypass the authentication.
*POC:*
curl http://localhost:3000/Api/v1/credentials
For seamless authentication bypass. Use burpsuite feature Match and replace
rules in proxy settings. Add rule Request first line api/v1 ==> API/V1