How a line of code resulted in a $20,000 bug bounty from GitLab
The hidden dangers of numerical IDs
4 min read · Jul 31, 2022
Summary
Web applications have many different objects, and it’s important to be able to uniquely identify each of them through primary keys. We typically consider numerical IDs to be a good identifier; for example, we could use a unique 10-digit number for each user. However, using deterministic IDs can often result in a common vulnerability: insecure direct object references (IDOR). In this type of vulnerability, the web…