Improper Access Control – Generic: Unrestricted access to any “connected pack” on docs in


When a pack is added to a doc, a POST request is sent to [doc ID]/packs with the data {"packId":[pack Id]}, where doc ID is the ID of the doc the user wishes to add the pack to and pack ID is the pack the user wants to install.

However, this request was unrestricted, so the user could iterate the packId to get any free/pro/disabled pack.
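The missing check, sketched as an added example (not code from the affected product or from the report): the same request handled once with the packId trusted as sent, and once with per-object authorization on the server. The data model, function names, status codes, and the rule that pro packs need a pro account are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Pack:
    tier: str               # "free" or "pro" (tiers named in the write-up)
    disabled: bool = False

@dataclass
class Doc:
    editors: set
    packs: set = field(default_factory=set)

def sample_state():
    """Constructed data: three packs and one doc editable only by alice."""
    packs = {1: Pack("free"), 2: Pack("pro"), 3: Pack("free", disabled=True)}
    docs = {"doc-A": Doc(editors={"alice"})}
    return docs, packs

def add_pack_unchecked(docs, packs, user, doc_id, body):
    """Behaviour described in the report: the packId is trusted as sent."""
    docs[doc_id].packs.add(body["packId"])
    return 200

def add_pack_checked(docs, packs, user, doc_id, body):
    """Same request, with authorization decided server-side per object."""
    doc = docs.get(doc_id)
    if doc is None or user["id"] not in doc.editors:
        return 404                      # caller may not modify this doc
    pack_id = body.get("packId")
    pack = packs.get(pack_id) if type(pack_id) is int else None
    if pack is None or pack.disabled:
        return 404                      # same answer for unknown and disabled ids
    if pack.tier == "pro" and not user["pro"]:
        return 403                      # entitlement comes from the account, not the request
    doc.packs.add(pack_id)
    return 200
```

Returning the same status for unknown and disabled ids keeps the endpoint from confirming which pack ids exist when they are requested in sequence.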

