How I got: GraphQL IDOR — Unauthorised Access of PII via Missing Authorisation Controls

mrtom001.medium.com · Snehil · 5 hours ago · bug-bounty
AI Summary

A bug bounty writeup describing an IDOR vulnerability in a GraphQL API that allowed unauthorized access to personally identifiable information (PII) due to missing authorization controls.

Severity: High | Type: Insecure Direct Object Reference (IDOR)