Vulnerability Summary
During a recent engagement on a food industry B2B platform, I discovered a vulnerability chain that allowed me to dump the entire database of users registered for a corporate event. By chaining a sequential ID enumeration vulnerability with a secondary IDOR on the “Edit Profile” endpoint - and optimizing the attack by identifying a weakness in the ID generation logic - I was able to access the Personally Identifiable Information (PII) of all event attendees.
The target was a web application facilitating registration for a trade event by store owners and food companies. The registration form collected sensitive PII, including:
HackerOne disclosed report: https://hackerone.com/reports/3467641 (by perxibes)
An Insecure Direct Object Reference (IDOR) vulnerability in the organization API allows authenticated users to manipulate the identifier parameter and retrieve plaintext SFTP credentials belonging to other users or organizations, potentially leading to unauthorized access to sensitive files stored on the SFTP server.
An IDOR vulnerability in a notification configuration endpoint allows an authenticated attacker to modify org_id and username_id to access sensitive user data from other organizations (email, phone, role, etc.).
ok nyc try