How a Simple Browser Change Led to a Critical Authentication Bypass and IDOR
System Weakness - Medium systemweakness.com
Disclaimer: All sensitive information has been redacted, including the company’s name.
While casually looking through the results of perhaps the simplest Google dork, “site:example.com "login"”, I came across a page with "login" in the title but a URL containing "dashboard". Initially, I opened it in a Chromium-based browser. I observed a brief moment where a dashboard was visible before being redirected to a login panel.
Curious, I switched to Burp Suite’s integrated Chromium browser and opened the same link, …