The Unexpected “0” Master ID for Account Data Manipulation
July 3, 2023, 2:42 p.m. | YoKo Kho
InfoSec Write-ups - Medium infosecwriteups.com
A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.
In the name of Allah, the Most Gracious, the Most Merciful.
Mirroring from: http://www.firstsight.me/2023/06/the-unexpected-0-master-id-for-account-data-manipulation/
As usual, I will try to release this write-up with two different approaches, which are:
- For those who only need the main points of this finding (InshaAllah it can save tons of minutes if readers understand every flow already) — please kindly see the TL;DR section, and
- For those …