
TechKranti

CyberSecurity Revolution

Tag: authorization

Delete IDOR on a Fashion eCommerce Website

August 26, 2020 Amey Anekar Bounty Hunting

This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …


IDOR through MongoDB Object IDs Prediction

August 25, 2020 Amey Anekar Bounty Hunting

Historically, system developers have assigned auto-incrementing integer identifiers to database rows. This made it trivial to exploit IDORs. Just one vulnerability could allow exfiltration of all objects belonging to any user in the application. The same goes for delete or edit IDORs.


About Me

Hey There, I am Amey Anekar - Web and Mobile Application Security Specialist, Bug Bounty Hunter and Author of TechKranti. I love to write and discuss all things Security. Feel free to DM me on Twitter if you would like to have a chat.  
