5/10
An IDOR vulnerability in an e-commerce site's address management API exposed customer addresses and mobile numbers. Although direct address retrieval was protected by session validation, the attacker discovered that the POST request used to set a default address accepted sequential address_id values and returned HTTP 200 for each, and the subsequent checkout page request then displayed the other users' full addresses regardless of session context.
idor
access-control
information-disclosure
e-commerce
api-security
address-enumeration
session-validation-bypass
Rahul Varale
PortSwigger