BOOK THIS SPACE FOR AD
ARTICLE ADFree Article Link: Here!!
As usual I was exploring a random VDP Program(they were offering cool swags 😎) its was basically like coding practice site where you can code and flex on there community section with your unique approach of solving question.
Here’s the deal: In the community section, you can post blogs about programming and development. These blogs are interactive , you can like them, comment on them, and that’s where the main Broken Access Control bug shows up.
Common Misconfiguration
So after add comment HTTP request seems something like this in hacker’s favourite proxy tool (Burpsuite)
In above image you can see in response there are two parameters “up_votes: 0” “is_pinned: false”