UUIDs Unmasked: Exploiting IDOR for User Data Access


Satyam Singh

Hey Everyone,

My name is Satyam Singh, and I’m back again with another article where I will share how I uncovered an IDOR vulnerability within an application that utilizes UUIDs.

I was testing an application and discovered that it utilizes UUID values, making them non-guessable.

After some exploration, I stumbled upon a functionality that allows users to create an API token. Interestingly, the URL contained a “?account_id=” parameter, which passes numeric IDs.

Upon seeing these numeric IDs, I experimented by altering the ID values. Surprisingly, I found that I could access information about other users. 😄

I copied the parameter and explored other application functionalities where UUIDs are used. By replacing the UUID and adding the “account_id” parameter, I could enumerate data belonging to other users. 😁

To show the impact, I created two accounts, i.e., a regular user and an admin user.

I created some data from the Admin account, which can be seen in the widgets area.

Admin users have widget data

In the below screenshot, regular users have no data in the widgets.

Regular users have no widget data.

However, after adding the “account_id” parameter, we can see the magic as the admin user’s widget data becomes visible. 😂

I captured the above request and sent it to Intruder to perform mass exploitation. 🙌

Regular users can view the details of the user by replacing the account_id
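The flaw described above comes down to one thing: the application authenticates the caller, then lets a client-supplied `account_id` decide whose data is returned, so the unguessable UUIDs never get a chance to protect anything. The following is an added example, not code from the article or from the application it describes. It models a hypothetical widgets endpoint with a constructed in-memory account table and session store, shows the vulnerable handler beside a hardened one that derives the account from the server-side session, and includes a small log audit that flags requests where the requested `account_id` differs from the session's own account. All names (`ACCOUNTS`, `SESSIONS`, `vulnerable_widgets`, `hardened_widgets`, `audit_mismatches`) are assumptions made for this illustration.

```python
"""Added example: an IDOR via a trusted account_id parameter, and its fix."""
import uuid

# Constructed sample data. Accounts are keyed by a numeric id (the kind of value
# the "?account_id=" parameter carries); users themselves are identified by UUIDs,
# which is why the rest of the application looked non-enumerable.
ACCOUNTS = {
    1: {"owner_uuid": str(uuid.uuid4()), "widgets": ["sales-dashboard", "revenue-chart"]},
    2: {"owner_uuid": str(uuid.uuid4()), "widgets": []},
}

# Constructed session store: opaque session token -> account id of the logged-in user.
SESSIONS = {"admin-session": 1, "regular-session": 2}


class Forbidden(Exception):
    """Raised when a request is authenticated but not authorized."""


def vulnerable_widgets(session_token: str, query: dict) -> list:
    """Vulnerable handler: authenticates the caller, then trusts the client-supplied
    account_id to choose whose widgets to return. Any logged-in user can read any
    account simply by changing the number."""
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    # Falls back to the caller's own account, so the bug is invisible in normal use.
    account_id = int(query.get("account_id", SESSIONS[session_token]))
    if account_id not in ACCOUNTS:
        raise KeyError("no such account")
    return ACCOUNTS[account_id]["widgets"]


def hardened_widgets(session_token: str, query: dict) -> list:
    """Hardened handler: the account is taken from the server-side session only.
    A client-supplied account_id is accepted solely if it matches that account;
    anything else (a different account or a malformed value) is rejected."""
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    own_account = SESSIONS[session_token]
    requested = query.get("account_id")
    if requested is not None:
        try:
            requested_id = int(requested)
        except ValueError:
            raise Forbidden("malformed account_id")
        if requested_id != own_account:
            # Object-level authorization check: the caller may only read their own account.
            raise Forbidden("account_id does not belong to the caller")
    return ACCOUNTS[own_account]["widgets"]


def audit_mismatches(requests: list) -> list:
    """Detection helper for access-log review: return the requests whose account_id
    parameter names an account other than the one bound to the session. A burst of
    such mismatches from one session is the signature of the enumeration described
    in the article. Each request is a constructed dict with keys
    'session', 'path' and 'query'."""
    flagged = []
    for req in requests:
        own_account = SESSIONS.get(req["session"])
        requested = req["query"].get("account_id")
        if own_account is None or requested is None:
            continue
        if not str(requested).isdigit() or int(requested) != own_account:
            flagged.append(req)
    return flagged


if __name__ == "__main__":
    # The regular user has no widgets, but the vulnerable handler hands over the
    # admin's data when account_id is changed; the hardened handler refuses.
    print(vulnerable_widgets("regular-session", {}))
    print(vulnerable_widgets("regular-session", {"account_id": "1"}))
    try:
        hardened_widgets("regular-session", {"account_id": "1"})
    except Forbidden as exc:
        print("hardened handler refused:", exc)
```

The essential change is that `hardened_widgets` never uses a request parameter to select the account; the session is the only source of identity, and the parameter is at most validated against it. The same rule applies to every endpoint that was "protected" by UUIDs: an unguessable identifier is not an authorization check, and the moment one endpoint accepts a guessable one, the others fall with it.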

So that’s it for this article; I hope you all liked it.

Thank you 😊

Connect with me: 🙌

https://www.linkedin.com/in/satyam-singh-893306221/

Credits:

https://www.linkedin.com/in/vibhorsharma062001/
