Thursday 20 September 2018

DBID leakage through Dropbox Chooser

Introduction:

  • Chooser:
    The Chooser is the fastest way to get files from Dropbox into your web app. It's a small JavaScript component that enables your app to get files from Dropbox without having to worry about the complexities of implementing a file browser, authentication, or managing uploads and storage. - Dropbox

  • DBID:
    DBID is a Dropbox account ID; from it you can get the account owner's name and the email address attached to the account through this endpoint.


How Chooser works:

  • A third-party website embeds the Chooser.
  • Anyone visiting that website can then share files from their Dropbox with that particular website.
  • You can try this at https://www.dropbox.com/developers/chooser.

Bug:

As the screenshot showed, the Chooser response handed the third-party website not only the temporary download link but also the DBID of the account the file came from.
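A defensive check a site embedding the Chooser can run on what the picker hands back, so that undocumented fields such as an account identifier are noticed and never stored. This is an added example, not code from the original post or from Dropbox; the allow-list of documented fields is an assumption to verify against the current Chooser docs, and the `dbid` field in the sample response is constructed.

```javascript
// Allow-list of Chooser response fields; an assumption based on the documented
// response shape, to be checked against the current Dropbox Chooser docs.
const CHOOSER_ALLOWED_FIELDS = new Set([
  "name", "link", "bytes", "icon", "thumbnailLink", "isDir", "id",
]);

// Returns { files, unexpected }: `files` holds each entry reduced to allowed
// fields; `unexpected` maps a file name to the undocumented fields seen on it.
function auditChooserResponse(files, allowed = CHOOSER_ALLOWED_FIELDS) {
  const cleaned = [];
  const unexpected = {};
  for (const file of files) {
    const kept = {};
    for (const [key, value] of Object.entries(file)) {
      if (allowed.has(key)) {
        kept[key] = value;
      } else {
        (unexpected[file.name] = unexpected[file.name] || []).push(key);
      }
    }
    cleaned.push(kept);
  }
  return { files: cleaned, unexpected };
}
// Constructed sample: documented fields plus an extra account identifier standing
// in for the DBID the post describes. The field name `dbid` is invented here.
const SAMPLE_CHOOSER_RESPONSE = [
  {
    name: "report.pdf",
    link: "https://example.invalid/temporary-download-link",
    bytes: 12345,
    isDir: false,
    dbid: "dbid:CONSTRUCTED-EXAMPLE",
  },
];

// Wiring into the real Chooser, guarded so the file also runs where the Dropbox
// script is not loaded. `Dropbox.choose` with `success` is the Chooser API;
// everything inside the callback is this example's own.
if (typeof Dropbox !== "undefined") {
  Dropbox.choose({
    linkType: "direct",
    success: (files) => {
      const { files: safe, unexpected } = auditChooserResponse(files);
      if (Object.keys(unexpected).length > 0) {
        console.warn("Picker returned undocumented fields:", unexpected);
      }
      saveFiles(safe); // hypothetical app function: persist only documented fields
    },
  });
}
```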

POC:




Timeline:
  • Reported: Jan 7th 2018
  • Triaged: Jan 9th 2018
  • Closed as resolved: Jan 20th 2018
