U.S. Dept Of Defense: View another user information with IDOR vulnerability
News category: Vulnerabilities
Source: vulners.com
1- Navigate to the system. (https://███████/login.php)
2- Navigate to the register page. (https://██████████/register.php) (I created a user, username: ██████ pass: TEst.123.!)
3- Login to the system. (https://███/login.php)
4- Navigate to "My Profile Page".
5- Intercept the request.
6- Change the "UID2=4820038" cookie value to "UID2=4820036".
7- Send the request to the server.
8- View another user's information.

Impact
I can view another user... ...
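
The cookie edit in steps 5 to 8 succeeds only if the server chooses the profile record from the client-supplied `UID2` value. The following is an added example, not part of the report and not the affected system's code: a framework-free Python model of that pattern beside a session-bound lookup that ignores `UID2` and records the mismatch as a detection signal. The `SID` cookie, the function names and the user records are assumptions made for illustration; only the two UID values come from the report.

```python
import secrets

# Constructed sample records; the two UIDs are the ones quoted in the report.
USERS = {
    4820038: {"username": "reporter", "email": "reporter@example.test"},
    4820036: {"username": "other-user", "email": "other@example.test"},
}
SESSIONS = {}  # server-side map: session token -> uid (hypothetical store)
ALERTS = []    # tamper signals a detection pipeline could consume


def login(uid):
    """Issue an unguessable session token bound server-side to uid."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = uid
    # UID2 is still set here only to mirror the cookie seen in the report.
    return {"SID": token, "UID2": str(uid)}


def profile_trusting_cookie(cookies):
    """Vulnerable pattern: the record is selected by a client-controlled cookie."""
    return USERS[int(cookies["UID2"])]


def profile_from_session(cookies):
    """Hardened pattern: identity comes from the server-side session only."""
    uid = SESSIONS.get(cookies.get("SID", ""))
    if uid is None:
        raise PermissionError("not authenticated")
    claimed = cookies.get("UID2")
    if claimed is not None and claimed != str(uid):
        # The client-supplied id disagrees with the session: log it, never honour it.
        ALERTS.append({"session_uid": uid, "claimed_uid": claimed})
    return USERS[uid]


def demo():
    """Replay the cookie change from step 6 against both handlers."""
    cookies = login(4820038)
    tampered = dict(cookies, UID2="4820036")
    return (profile_trusting_cookie(tampered)["username"],
            profile_from_session(tampered)["username"])
```

With the session-bound handler the altered cookie returns the caller's own record, and each mismatch entry in `ALERTS` identifies a session whose `UID2` value was changed in transit.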