←back to thread

Critical vulnerability in AI coding platform Base44 allowing unauthorized access

(www.wiz.io)
122 points waldopat | 5 comments | 30 Jul 25 16:12 UTC | HN request time: 0.001s | source
Show context
toddmorey ◴[30 Jul 25 19:02 UTC] No.44738229[source]
"The vulnerability we discovered was remarkably simple to exploit - by providing only a non-secret app_id value to undocumented registration and email verification endpoints." So you could sign yourself up as editor / collaborator on any app once you knew the app's ID.

Jeez, that's sloppy. My colleague in 2000 discovered you could browse any account on his bank's website by just changing the (sequential!) account IDs in the URL. In a lot of ways we've made great strides in security over the last 25 years... and in many ways, we haven't.

replies(4): >>44738468 #>>44738495 #>>44739179 #>>44743468 #
1. roozbeh18 ◴[30 Jul 25 20:34 UTC] No.44739179[source]
20 years ago the school class enrollment website allowed just that by changing account IDs in URL, we were bypassing the priority enrollment. I had fun adding my friends and I to classes we wanted.
replies(3): >>44739364 #>>44740701 #>>44741509 #
2. doawoo ◴[30 Jul 25 20:51 UTC] No.44739364[source]
Incredible, my university class reg system had un-sanitized input for the class search field so if you knew the SQL you could find exactly how full a class was and dump the whole table of classes without needing to wait for your reg to open.

And pretty sure you could insert your student ID into the class that way too :)

replies(1): >>44740050 #
3. ashton314 ◴[30 Jul 25 22:05 UTC] No.44740050[source]
Heck you could probably just kick people out of the class that you didn't want to take it with.
4. cj ◴[30 Jul 25 23:20 UTC] No.44740701[source]
I took a slightly different approach and simply wrote a script that checked availability every minute, and then sent me a text message alert when a seat opened up.

(Upperclassmen often switched their schedules around after the priority enrollment deadline ended)

Not as bullet proof as your approach!

5. cwmoore ◴[31 Jul 25 01:36 UTC] No.44741509[source]
That’s useful. But 30 years ago you could iterate Social Security Numbers.