Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-52389 PoC — Envasadora H2O Soda Cristal 安全漏洞

Source
https://github.com/ktr4ck3r/CVE-2025-52389
Associated Vulnerability
Title:Envasadora H2O Soda Cristal 安全漏洞 (CVE-2025-52389)
Description:An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request.
Description
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows unauthenticated attackers to access sensitive data for other users via a crafted HTTP request.
Readme
# CVE-2025-52389
# Description
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows unauthenticated attackers to access sensitive data for other users via a crafted HTTP request.
# Version
app.sodacristal - 40.20.4
## Proof of Concept
When accessing the customer's contract at https://www.app.sodacristal.com/contrato/#contract_number# you can change the number so you can see another customer's contract.
To make the filter easier you can use burp suite and filter by site length.
File Snapshot

 [4.0K]  /data/pocs/d16b0f73b5351e78dee02afd6aad0f093fcf8a51
└── [ 529]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →