I Can Delete Any Airbnb Users Symbol!
Unknown
Vulnerability Details
Hello Team,
I Noticed a Critical Flow that allows attacker to Delete Any *Airbnb* users Symbol!
ex: **[https://create.airbnb.com/16925230/symbol/delete](https://create.airbnb.com/16925230/symbol/delete)**
* Just Copy The link and replace victim's profile id with `16925230`.
* Run the URL.
* Victims Symbol will be deleted!
Looking Forward!
Actions
View on HackerOneReport Stats
- Report ID: 49356
- State: Closed
- Substate: resolved
- Upvotes: 3