all InfoSec news
Finding the hidden function led to a $300 IDOR
March 29, 2024, 3:35 a.m. | M7arm4n
InfoSec Write-ups - Medium infosecwriteups.com
Hello folks 👋
Today I’m about to tell you guys a story about finding the beautiful BAC on a program so fasten your seatbelt and sit tight.
The story behind the attack is that the attacker can read the comments of the circle that the manager has removed him from. Quite interesting nah ?!
So let’s get into the attack scenario :
- In the first step, we create two accounts, a manager and an attacker
- Then we login to our …
More from infosecwriteups.com / InfoSec Write-ups - Medium
Subdomain takeover via AWS s3 bucket
4 days, 1 hour ago |
infosecwriteups.com
Prevent Cross-Site Scripting Attacks in Node.js
4 days, 1 hour ago |
infosecwriteups.com
HTB: Bizness walkthrough
4 days, 1 hour ago |
infosecwriteups.com
CozyHosting HTB Easy | Walkthrough
4 days, 1 hour ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC