all InfoSec news
The Unexpected “0” Master ID for Account Data Manipulation
July 3, 2023, 2:42 p.m. | YoKo Kho
InfoSec Write-ups - Medium infosecwriteups.com
A simple story when Allah allowed me to successfully achieve P1 through a broken access control issue using an unexpected master ID of “0”.
بسم الله الرحمن الرحيم
Mirroring from: http://www.firstsight.me/2023/06/the-unexpected-0-master-id-for-account-data-manipulation/
As usual, I will try to release this write-up with two different approaches, which are:
- For those who only need the main points of this finding (InshaAllah it can saves tons of minutes if readers understanding every flow already) — please kindly see the TL;DR section, and
- For those …
More from infosecwriteups.com / InfoSec Write-ups - Medium
JNDI Injection — The Complete Story
4 days, 5 hours ago |
infosecwriteups.com
HacktheBox Starting Point: Explosion Walkthrough
5 days, 19 hours ago |
infosecwriteups.com
My LLM Bug Bounty Journey on Hugging Face Hub via Protect AI
6 days, 6 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Consultant Sécurité SI Gouvernance - Risques - Conformité H/F - Strasbourg
@ Hifield | Strasbourg, France
Lead Security Specialist
@ KBR, Inc. | USA, Dallas, 8121 Lemmon Ave, Suite 550, Texas
Consultant SOC / CERT H/F
@ Hifield | Sèvres, France