Critical IDOR - Get Rules of any organization remotely

Disclosed: 2016-06-12 16:04:23 By itly To veris
Vulnerability Details
Hello Team,

I have found a critical IDOR with which an attacker can get the rules of any organization remotely by just changing the venue id in the GET request.

Proof of Concept: Please find the attached screenshots.

Best Regards,
Hely H. Shah
Report Stats
  • Report ID: 120314
  • State: Closed
  • Substate: resolved
  • Upvotes: 3