all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How a Simple Browser Change Led to a Critical Authentication Bypass and IDOR

Add to bookmarks
Nov. 2, 2023, 6:46 p.m. | Max Klose

System Weakness - Medium systemweakness.com

Disclaimer: All sensitive information has been redacted, including the company’s name.

While casually looking through the results of perhaps the simplest Google dork “site:example.com „login“”, I came across a page with „login“ in the title but a URL containing „dashboard“. Initially I opened it in a Chromium-based Browser. I observed a brief moment where a dashboard was visible, before being redirected to a login panel.

Curious, I switched to Burp Suite’s integrated Chromium browser and opened the same link, …

authentication authentication bypass browser bug bounty bug-bounty-tips bypass change chromium critical cybersecurity dashboard disclaimer ethical hacking google idor information led login name page results security research sensitive sensitive information simple the company url

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 2 days, 19 hours ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 2 days, 19 hours ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 2 days, 19 hours ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 3 days, 16 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 3 days, 16 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 4 days, 14 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 4 days, 14 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 4 days, 14 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 4 days, 14 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr Security Engineer - Colombia

@ Nubank | Colombia, Bogota
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Menlo Park, CA | Washington, DC | Remote, US
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com
View more jobs