2 tweets · 7 reads · Oct 12, 2023
😎 My first paid IDOR in Bug Bounty!
It was in a REST API endpoint.
It used an Authorization header with a Bearer token, but when I removed it from the request, it still responded with the data.👇
To identify the user, it used a header whose value acted as an ID and was easy to predict, so valid IDs could be found by brute force. #BugBounty #CyberSecurity 🐛💰
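The two defects in the post (the Bearer token is never validated, and the user is selected from a client-controlled header) are easy to show side by side. The following is an added example, not the poster's code or the affected API: the header name `X-User-Id`, the user records and the token table are constructed stand-ins, and the handlers are plain functions so the logic can be read without a web framework.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: two user records and one bearer token per user.
USERS = {
    "1001": {"id": "1001", "email": "alice@example.test"},
    "1002": {"id": "1002", "email": "bob@example.test"},
}
# Server-side token table (constructed). In a real service this is a session
# store or a verified signed token; what matters is that the caller's identity
# comes from the credential, never from a header the client can set freely.
TOKENS = {"tok-alice-constructed": "1001", "tok-bob-constructed": "1002"}


@dataclass
class Request:
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def vulnerable_profile(req: Request) -> Response:
    """The pattern from the post: the Authorization header is never read, and
    the record returned is whichever ID the client supplies in X-User-Id
    (hypothetical header name). Any caller can enumerate users."""
    user_id = req.headers.get("X-User-Id")
    user = USERS.get(user_id)
    if user is None:
        return Response(404)
    return Response(200, user)


def hardened_profile(req: Request) -> Response:
    """Fixed version: require a valid Bearer token, derive the caller's ID
    from it, and treat any client-supplied ID only as a claim to be checked
    against that identity."""
    scheme, _, token = req.headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return Response(401)          # missing or malformed credential
    caller_id = TOKENS.get(token)
    if caller_id is None:
        return Response(401)          # unknown token
    requested = req.headers.get("X-User-Id")
    if requested is not None and requested != caller_id:
        # The referenced object is not the caller's own record. Denying here
        # (and logging it) is also what turns an ID brute-force into a
        # visible burst of 403s instead of a silent data leak.
        return Response(403)
    return Response(200, USERS[caller_id])


if __name__ == "__main__":
    # No token at all, but asking for another user's record.
    probe = Request({"X-User-Id": "1002"})
    print("vulnerable:", vulnerable_profile(probe))   # 200 with Bob's data
    print("hardened:  ", hardened_profile(probe))     # 401
```

The hardened handler never uses the client-supplied ID as a lookup key; if the API must accept an object ID in the request (for example as a path parameter), the same rule applies: resolve the caller from the token first, then check that the caller is allowed to see that object.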
