leak receipt of another user

Disclosed: 2015-11-13 08:15:56 By adrianbelen To udemy

Unknown

Vulnerability Details

A attacker can leak receipt information of another user by using the forced browse. by changing single char here i see another user's receipt https://www.udemy.com/dashboard/pdf-receipt/?invnum=PD-CC-66574B6C57334B626B366B39 https://www.udemy.com/dashboard/pdf-receipt/?invnum=PD-CC-66574B6C57334B696B366B3D

Actions

View on HackerOne

Report Stats

Report ID: 61371
State: Closed
Substate: resolved
Upvotes: 2

leak receipt of another user

Vulnerability Details

Actions

Report Stats

Share this report