How I found an IDOR in deletion of comparison lists
Read about an interesting scenario of IDOR that allowed to me view private user information and also delete publicly available list.
Read about an interesting scenario of IDOR that allowed to me view private user information and also delete publicly available list.
The post disccuss around the basics of OAUTH and how to hunt for OAUTH vulnerabilities like leaking tokens, abusing redirect URI, absense of state parameter.
The post talks about an interesting find of XSS even when the filter was used. It also covers the mistakes that a developer makes while sanitizing input.
The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE
XXE remains amongst the one with a critical score on the severity perspective. Why? Being able to read server's sensitive files is where the victim can be fully compromised.