Critical IDOR - Can select any Parent while creating new Venue

Disclosed: 2016-06-12 16:04:23 By itly To veris
Unknown
Vulnerability Details
Hello Team,

I have found a critical IDOR vulnerability which allows an attacker to select any parent while creating a new venue remotely by just changing the "parent" parameter in the request.

Proof of Concept: Please find it attached.

Best Regards,
Hely H. Shah
Report Stats
  • Report ID: 120312
  • State: Closed
  • Substate: resolved
  • Upvotes: 3
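
The report gives no request or server code, so the following is an added example, not code from the report or from the vendor: it shows the general shape of this bug class and its fix, a venue-creation handler that trusts the client-supplied "parent" id beside one that checks the parent belongs to the caller. The data model, function names and organisation ids are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class Forbidden(Exception):
    """Raised when the caller may not attach a venue to the requested parent."""


@dataclass
class Venue:
    id: int
    name: str
    owner_org: int                  # owning organisation (assumed model)
    parent: Optional[int] = None    # id of the parent venue, if any


# Constructed sample data: org 1 owns venue 10, org 2 owns venue 20.
VENUES = {
    10: Venue(10, "HQ", owner_org=1),
    20: Venue(20, "Other tenant HQ", owner_org=2),
}


def _store(caller_org, name, parent):
    """Persist the new venue in the in-memory table and return it."""
    new_id = max(VENUES) + 1
    VENUES[new_id] = Venue(new_id, name, caller_org, parent)
    return VENUES[new_id]


def create_venue_unchecked(caller_org, name, parent):
    """Flawed pattern: the "parent" value from the request is used as-is."""
    return _store(caller_org, name, parent)


def create_venue_checked(caller_org, name, parent):
    """Hardened: the parent must exist and belong to the caller's organisation."""
    if parent is not None:
        target = VENUES.get(parent)
        # Same error for "missing" and "not yours", so ids cannot be probed.
        if target is None or target.owner_org != caller_org:
            raise Forbidden("parent venue not available to this account")
    return _store(caller_org, name, parent)
```

The caller's organisation must come from the authenticated session, never from the request body, or the check can be bypassed the same way as the "parent" field.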