Open gubuntu opened 4 years ago
On Sat, 16 May 2020 at 10:26, moh wahyudi mohwahyudi7@gmail.com wrote:

Hi there,

I found a security bug in your subdomain. The bug is called IDOR (insecure direct object reference). Steps to reproduce:

Go to https://staging.limpopobims.kartoza.com/account/moderation_sent/1001 and change the ID, and you can see the email of another member. I took a screenshot for proof, and for reference you can read this: https://owasp.org/www-chapter-ghana/assets/slides/IDOR.pdf
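
The class of bug reported above comes down to a missing object-level authorization check on a record fetched by ID. The following is an added example, not code from this project or from the reporter: a framework-free sketch of the unchecked lookup beside a checked one. All names (`User`, `Notice`, `view_unchecked`, `view_checked`), the record fields, the staff exemption and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:            # hypothetical account model
    id: int
    is_staff: bool = False


@dataclass(frozen=True)
class Notice:          # hypothetical record served at .../moderation_sent/<id>
    id: int
    recipient_id: int
    recipient_email: str


# Constructed sample records; addresses use the reserved example.org domain.
NOTICES = {
    1001: Notice(1001, recipient_id=7, recipient_email="alice@example.org"),
    1002: Notice(1002, recipient_id=8, recipient_email="bob@example.org"),
}


def view_unchecked(user: Optional[User], notice_id: int):
    """Pattern behind the report: the ID alone selects the record."""
    notice = NOTICES.get(notice_id)
    if notice is None:
        return 404, None
    return 200, {"email": notice.recipient_email}


def view_checked(user: Optional[User], notice_id: int):
    """Same lookup, but the record must belong to the caller (or caller is staff)."""
    if user is None:
        return 401, None
    notice = NOTICES.get(notice_id)
    # One 404 for both "missing" and "not yours", so responses do not
    # reveal which IDs exist.
    if notice is None or not (user.is_staff or notice.recipient_id == user.id):
        return 404, None
    return 200, {"email": notice.recipient_email}


if __name__ == "__main__":
    alice = User(id=7)
    for nid in (1001, 1002, 1003):
        print(nid, view_unchecked(alice, nid), view_checked(alice, nid))
```
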