LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

How are you, my friends?

6 months ago 32
BOOK THIS SPACE FOR AD
ARTICLE AD

idor affects all users

How are you, my friends? I hope you are well. Today I will share with you my first write-up about the first vulnerability I discovered of type idor in the global telecommunications company MTN.

I was searching for subdomains and found a domain that had the advantage of reserving products such as devices, books, and software. So I created an account and reserved a book, then I canceled the reservation. I intercepted the request in the burpsuite and started looking closely at the parameters and found this number at the end of the request

I was curious to know what this was, so I booked another product, canceled and intercepted the order. I found the same number with the value 1 added to it, so I knew that it was a unique number for each reservation, so I went to test the idor loophole, so I created another account and reserved a product, then I went to the order following the first account and increased the value of the number by an amount 1 The product for the second account was deleted

In this scenario I can delete all reservations for all users via a count brute force attack

Read Entire Article
  3. How are you, my friends?

Related

Researchers Unveil “Bootkitty” — The First UEFI Bootkit Targeting Linux Kernels!

Researchers Unveil “Bootkitty” — The First UEFI Bootkit Targeting Linux Kernels!

Interpol Arrests 1,000+ in Massive ‘Operation Serengeti’ Anti-Cybercrime Crackdown

Interpol Arrests 1,000+ in Massive ‘Operation Serengeti’ Anti-Cybercrime Crackdown

New NachoVPN Attack: Rogue VPN Servers Installing Malicious Updates ️

New NachoVPN Attack: Rogue VPN Servers Installing Malicious Updates ️

SMB Enumeration and Exploitation: Master Ports 139 and 445 for Penetration Testing

SMB Enumeration and Exploitation: Master Ports 139 and 445 for Penetration Testing

Understanding Ethical Hacking: The Key to Cybersecurity

Understanding Ethical Hacking: The Key to Cybersecurity

How to Find DNS Rebinding Vulnerabilities in Bug Bounty Hunting

How to Find DNS Rebinding Vulnerabilities in Bug Bounty Hunting

Trending

1. Moana 2
2. Syed Mushtaq Ali Trophy
3. Urvil Patel
4. Adani news
5. Temba Bavuma
6. South Africa vs Sri Lanka
7. Phillip Hughes
8. Cyclone Fengal
9. Suresh raina
10. Akhil

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved