CyberSecurity Revolution
This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …
Continue reading
Historically, system developers have been assigning auto-incrementing integer identifiers to database rows. This made it trivial to exploit IDORs. Just one vulnerability could allow exfiltration of all objects belonging to any user in the application. Same goes for delete or edit IDORs.
Continue reading
Hey There, I am Amey Anekar - Web and Mobile Application Security Specialist, Bug Bounty Hunter and Author of TechKranti. I love to write and discuss all things Security.
Feel free to DM me on Twitter if you would like to have a chat.