How a Replayed API Request Bypassed Backend Restrictions

medium.com · Rahul Masal · 2 days ago · bug-bounty
AI Summary

A researcher discovered an API vulnerability in an education platform where replayed API requests could bypass backend restrictions, allowing creation of unlimited schools in the teacher portal.


While testing an online education platform’s teacher portal, I noticed something interesting.