🎭 Unified Impersonation

ระบบสวมรอย e-GP — IDOR + Forge + KMS + File

Guest
G
📊 Dashboard 🔧 Forge DP ⚡ Attack Chain 🔑 KMS Decrypt 📄 File Browser 📈 Results

📄 File Browser (IDOR)

Download ANY file with just apiKey — no JWT, no user binding | 570+ known fileIds

📎 Single File

Enter fileId → get info + download

📦 Batch Download

One fileId per line → download as ZIP

🔗 From IDOR Attack

Load fileIds from merbide002/dexbidi002 results

ℹ️ API Info

Endpoint: egp-upload-service/v1/downloadFile

Auth: apiKey header only (no JWT!)

fileId formats:

{32hex}_{num}_{sys|c}

{24hex}

Known fileIds: 570+ (299+271)

PII types: สำเนาบัตรปชช., ใบทะเบียนพาณิชย์, งบการเงิน, ภพ.20