Insecure Direct Object Reference (IDOR) (CWE-639) · High · Free
2 IDORs & WAF Bypass to Expose Full Event Database
During a recent engagement on a food-industry B2B platform, I discovered a vulnerability chain that allowed me to dump the entire database of users registered for a corporate event. By chaining sequential ID enumeration with a secondary IDOR on the “Edit Profile” endpoint, and optimizing the attack by identifying a weakness in the ID generation logic, I was able to access the Personally Identifiable Information (PII) of every event attendee.
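The chain described above comes down to two conditions: profile identifiers that can be walked in sequence, and an “Edit Profile” handler that trusts the caller-supplied identifier without checking that the record belongs to the authenticated user (CWE-639). The following is an added illustration, not code from the writeup or from the platform under test, and the handler names, the attendee records and the ID range are constructed for the example. It shows a hypothetical vulnerable handler next to its hardened form, and a loop that plays the enumerating attacker against each.

```python
"""Added example: sequential IDs plus a missing ownership check on an
"edit profile" endpoint let one authenticated user read every other
attendee's PII. Handlers and data are constructed, not from the writeup."""


class NotFound(Exception):
    """Stands in for an HTTP 404 response."""


# Constructed sample data: attendee PII keyed by a small, contiguous,
# sequential integer ID (the property that makes enumeration cheap).
ATTENDEES = {
    1001: {"name": "A. Example", "email": "a@example.test", "phone": "+00 1"},
    1002: {"name": "B. Example", "email": "b@example.test", "phone": "+00 2"},
    1003: {"name": "C. Example", "email": "c@example.test", "phone": "+00 3"},
}


def edit_profile_vulnerable(session_user_id: int, profile_id: int) -> dict:
    """Hypothetical vulnerable handler (IDOR): the only check is that the
    requested record exists. session_user_id is never consulted, so any
    logged-in user can fetch any profile by changing profile_id."""
    if profile_id not in ATTENDEES:
        raise NotFound(profile_id)
    return ATTENDEES[profile_id]


def edit_profile_fixed(session_user_id: int, profile_id: int) -> dict:
    """Hardened handler: the record is returned only when it belongs to the
    authenticated session. A foreign ID and a missing ID get the same
    response, so the endpoint does not confirm which IDs exist."""
    if profile_id != session_user_id or profile_id not in ATTENDEES:
        raise NotFound(profile_id)
    return ATTENDEES[profile_id]


def enumerate_profiles(handler, session_user_id: int, id_range) -> dict:
    """Simulate the attacker's loop: as one low-privilege user, request every
    ID in a contiguous range and keep whatever the handler hands back."""
    dumped = {}
    for pid in id_range:
        try:
            dumped[pid] = handler(session_user_id, pid)
        except NotFound:
            continue
    return dumped


def leaked_emails(handler, session_user_id: int, id_range) -> list:
    """Convenience view of the dump: e-mail addresses the caller obtained."""
    records = enumerate_profiles(handler, session_user_id, id_range)
    return sorted(r["email"] for r in records.values())


if __name__ == "__main__":
    # User 1001 walks IDs 1000..1009 against both handlers.
    print("vulnerable:", leaked_emails(edit_profile_vulnerable, 1001, range(1000, 1010)))
    print("fixed:     ", leaked_emails(edit_profile_fixed, 1001, range(1000, 1010)))
```

The fix is the ownership check in the handler, not a harder-to-guess identifier: random IDs only raise the cost of the enumeration step, and the writeup's point about the ID generation logic is exactly that such cost can be reduced again once the generation scheme is understood. Returning the same “not found” response for foreign and nonexistent records also removes the side channel that would otherwise tell the enumerator which IDs are live.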
Mar 17, 2026
CVSS 7.5
€940