($$$) Broken Authentication and IDOR at [REDACTED]

Proof of Concept

Wordlist login
Wordlist newsroom
  • Disable JavaScript in the browser
  • or save the page source and edit it locally
Source code
Admin panel
JavaScript source code
Bounty

Timeline

  1. 1 October 2021: Initial Report
  2. 4 October 2021: Report validated by H1 team
  3. 11 November 2021: Bug fixed and resolved
  4. 7 December 2021: $$$

Rizaldi Wahaz

InfoSec