How a line of code resulted in a $20,000 bug bounty from GitLab

The hidden dangers of numerical IDs

Roberto
Published in InfoSec Write-ups
4 min read · Jul 31, 2022


Summary

Web applications contain many different objects, and it is important to be able to uniquely identify each of them, typically through a primary key. We usually consider numerical IDs a good identifier; for example, we could assign a unique 10-digit number to each user. However, using deterministic (sequential, predictable) IDs often leads to a common vulnerability: insecure direct object references (IDOR). In this type of vulnerability, the web…
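The mechanism the summary describes, as an added example that is not part of the original article or of GitLab's code: a lookup keyed only by a sequential primary key next to one scoped to the requesting user, plus the enumeration loop an attacker runs against a sequential ID space. The in-memory store, user IDs, document contents and function names are constructed for illustration.

```python
"""Added example (not from the original article): sequential IDs and IDOR."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    id: int          # sequential primary key, the numerical-ID scheme the article discusses
    owner_id: int    # the user allowed to read this record
    body: str


# Constructed sample data: three documents belonging to two different users.
DOCS = {
    1: Document(1, owner_id=100, body="alice: draft roadmap"),
    2: Document(2, owner_id=200, body="bob: salary review"),
    3: Document(3, owner_id=200, body="bob: private notes"),
}


def get_document_vulnerable(current_user_id: int, doc_id: int) -> str:
    """IDOR: the record is fetched by primary key alone.

    The caller's identity is never compared with the record's owner, so any
    authenticated user can read any document whose ID they can guess, and
    sequential IDs make guessing trivial.
    """
    doc = DOCS.get(doc_id)
    if doc is None:
        raise LookupError("not found")
    return doc.body


def get_document_hardened(current_user_id: int, doc_id: int) -> str:
    """Scoped lookup: the record must exist AND belong to the requesting user.

    Both failure modes raise the same error so the response (a 404 in a real
    application) does not confirm to an attacker that a given ID exists.
    """
    doc = DOCS.get(doc_id)
    if doc is None or doc.owner_id != current_user_id:
        raise LookupError("not found")
    return doc.body


def enumerate_ids(fetch, attacker_user_id: int, max_id: int) -> dict:
    """Simulate the attacker's loop: walk the ID space 1..max_id with a single
    low-privilege account and collect every record the endpoint hands back."""
    leaked = {}
    for candidate in range(1, max_id + 1):
        try:
            leaked[candidate] = fetch(attacker_user_id, candidate)
        except LookupError:
            continue
    return leaked


def new_public_id() -> str:
    """Defence in depth, not a substitute for the ownership check above:
    a 128-bit random public identifier cannot be walked with a for-loop,
    but a record exposed under it still needs the same authorization check."""
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    attacker = 100  # alice, who legitimately owns only document 1
    print("vulnerable:", enumerate_ids(get_document_vulnerable, attacker, 10))
    print("hardened:  ", enumerate_ids(get_document_hardened, attacker, 10))
```

Against the vulnerable lookup the single account at user ID 100 reads all three documents; against the scoped lookup it reads only its own. The ownership check is the actual fix; switching to random public identifiers only removes the cheap enumeration, which is why the example keeps both.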



Stanford alum, Software Engineer with a passion for CyberSec, Biotech, and Sustainability. Work with me at https://www.tidallabs.io/.