Critical IDOR - Get venue data of any organization remotely

Disclosed: 2016-06-12 16:04:09 By itly To veris
Vulnerability Details
Hello Team,

I have found a critical IDOR vulnerability which allows an attacker to get venue data of any organization remotely by just changing the venue_id.

Proof of Concept: Please find the attached screenshots.

Best Regards,
Hely H. Shah
Report Stats
  • Report ID: 120305
  • State: Closed
  • Substate: resolved
  • Upvotes: 3
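
The class of flaw the report describes, shown as an added example that is not code from the report or from the vendor: a venue lookup keyed only on the client-supplied venue_id, beside one scoped to the caller's organization that also records cross-organization attempts. The data store, the Session type, the audit event name and all function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data (not from the report): venue_id -> record.
VENUES = {
    101: {"org_id": "org-a", "name": "HQ Lobby"},
    102: {"org_id": "org-b", "name": "Branch Office"},
}

@dataclass(frozen=True)
class Session:
    """Hypothetical authenticated session: who is calling and for which org."""
    user: str
    org_id: str

class NotFound(Exception):
    """Raised for both 'no such venue' and 'venue belongs to another org'."""

def get_venue_vulnerable(session: Session, venue_id: int) -> dict:
    # IDOR: the lookup trusts the client-supplied id and never consults the
    # session, so any authenticated caller can read any organization's venue.
    venue = VENUES.get(venue_id)
    if venue is None:
        raise NotFound(venue_id)
    return venue

def get_venue_scoped(session: Session, venue_id: int, audit: list) -> dict:
    # Object-level authorization: the record's owner must match the caller's
    # organization, which is taken from the session, never from the request.
    venue = VENUES.get(venue_id)
    if venue is not None and venue["org_id"] == session.org_id:
        return venue
    if venue is not None:
        # The venue exists but belongs to another org: log it for detection.
        audit.append({
            "event": "cross_org_venue_access",
            "user": session.user,
            "caller_org": session.org_id,
            "venue_id": venue_id,
        })
    # Same error in both cases, so responses do not reveal which ids exist.
    raise NotFound(venue_id)
```

A burst of `cross_org_venue_access` events from one user with sequential venue_id values is the signal to alert on.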