InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…


How I Uncovered an IDOR That Led to Access to Private CVs


JEETPAL, published in InfoSec Write-ups · 3 min read · 6 days ago

Hello everyone! Today, I’m excited to share how I discovered an IDOR vulnerability in one of the private programs. Let’s dive right in.

I began my bug hunting routine by enumerating subdomains using the subzy tool to check for subdomain takeovers. After that, I ran waybackurls to gather URLs and proceeded to use the httpx tool to identify interesting domain titles.

During this process, I came across a domain titled “Target Test Portal.”

I immediately visited the page and noticed a signup option. Without wasting time, I signed up for an account. After confirming my account and logging in, I noticed something interesting: the server’s response contained my email, username, and a JWT token, all encoded with my user ID. Surprisingly, there were no additional protections such as secure cookies.

I created a second account to test further. Just like before, this account’s JWT token also followed the pattern of email + userID + username.

Next, I explored my profile section and noticed an option to upload a CV. Initially, I attempted various…
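The setup described above (a JWT whose claims carry the user ID, plus a CV feature tied to each account) is the classic precondition for an IDOR: the defence is a server-side ownership check on every CV request, keyed on the verified token's subject rather than on any client-supplied identifier. The following is an added example, not code from the post or from the target portal; the HS256 secret, the claim names and the CV store are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
# Constructed for this example; a real deployment keeps the key in a secrets store.
SECRET = b"constructed-demo-secret"
# Constructed CV store: cv_id -> (owner_user_id, filename)
CVS = {"cv-101": (1, "alice.pdf"), "cv-202": (2, "bob.pdf")}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt_hs256(claims: dict, secret: bytes) -> str:
    """Mint a token the way the portal's login endpoint might (HS256 is assumed)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_jwt_hs256(token: str, secret: bytes):
    """Return the claims only if the HS256 signature verifies; reject alg tricks."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        return claims if isinstance(claims, dict) else None
    except (ValueError, TypeError, AttributeError):
        return None

def get_cv_vulnerable(cv_id: str):
    """IDOR pattern: the record is fetched by the client-supplied id alone."""
    return CVS.get(cv_id)

def get_cv_hardened(token: str, cv_id: str):
    """Ownership check: the CV is returned only to the user named in a valid token."""
    claims = verify_jwt_hs256(token, SECRET)
    if claims is None:
        return None  # unauthenticated: a real handler answers 401
    record = CVS.get(cv_id)
    if record is None or record[0] != claims.get("sub"):
        return None  # answer 404 in both cases so other users' ids are not confirmed
    return record
```

The vulnerable function hands any CV to any caller who knows or guesses its id; the hardened one ties the lookup to the subject of a signature-checked token, so forging the user ID in the payload or stripping the algorithm does not help.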



Written by JEETPAL

An ethical hacker, bug hunter & developer. Connect with me on social media via https://linktr.ee/jeetpal2007. Queries: jeetpal2007@gmail.com

Responses (2)

Brilliant

gteattt
