Open Nvz0x opened 1 year ago
The application allows unauthorized access to data of other objects.
A valid user can interact with other users' information, as the application is not checking the authorization of the user.
PoC:
https://example.com/{USERNAME}/notifications
A valid user can view other users' notifications
For example, logged in with the nvz account:
[screenshot: nvz account] [screenshot: nvz Notifications]
As a result, one can view another user's notifications.
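The flaw described above is a missing object-level authorization check on a per-user route. The following is an added example, not code from the reporter or from the affected application: a constructed handler in the shape the issue reports (the route trusts the {USERNAME} path segment) beside a fixed handler that ties the resource to the authenticated session, a regression check that a test suite can run against either handler, and a scanner over constructed access-log lines that flags responses served to a session whose user differs from the owner named in the path. The route name, data, and log format are assumptions.

```python
"""Added example (not from the issue or the application): object-level
authorization for a /{username}/notifications route, a regression check,
and a log scanner for cross-user reads. All names and data are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample data: each user's private notifications.
NOTIFICATIONS: Dict[str, List[str]] = {
    "nvz": ["Your export is ready", "Password changed"],
    "alice": ["New login from unknown device"],
}


@dataclass
class Request:
    session_user: Optional[str]  # authenticated identity (None = anonymous)
    path_username: str           # the {USERNAME} segment taken from the URL


class Unauthorized(Exception):
    pass


class Forbidden(Exception):
    pass


def notifications_vulnerable(req: Request) -> List[str]:
    """Mirrors the reported behaviour: the handler looks up whatever user
    the URL names and never compares it with the authenticated identity."""
    return NOTIFICATIONS.get(req.path_username, [])


def notifications_fixed(req: Request) -> List[str]:
    """Object-level authorization: the owner named in the path must be the
    session user. Alternatively the route could ignore the path segment
    entirely and always read the session identity; both close the hole."""
    if req.session_user is None:
        raise Unauthorized("login required")
    if req.session_user != req.path_username:
        raise Forbidden("session user is not the owner of this resource")
    return NOTIFICATIONS.get(req.session_user, [])


def rejects_cross_user_access(handler: Callable[[Request], List[str]]) -> bool:
    """Regression check: True if the handler refuses to serve another
    user's notifications to an authenticated but non-owning session."""
    try:
        handler(Request(session_user="nvz", path_username="alice"))
    except Forbidden:
        return True
    return False


def rejects_anonymous_access(handler: Callable[[Request], List[str]]) -> bool:
    """Regression check: True if the handler refuses anonymous requests."""
    try:
        handler(Request(session_user=None, path_username="nvz"))
    except Unauthorized:
        return True
    return False


# Constructed access-log format: "<session_user> <method> <path> <status>",
# with "-" as the session user for anonymous requests.
SAMPLE_LOG = """\
nvz GET /nvz/notifications 200
nvz GET /alice/notifications 200
alice GET /alice/notifications 200
- GET /nvz/notifications 200
alice GET /nvz/notifications 403
"""


def find_cross_user_reads(log_text: str) -> List[str]:
    """Return log lines where the server answered 200 for a notifications
    path whose owner differs from the session user (or the request was
    anonymous). On a correctly authorized deployment this list is empty."""
    hits: List[str] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        user, _method, path, status = parts
        segments = path.strip("/").split("/")
        if len(segments) != 2 or segments[1] != "notifications":
            continue
        owner = segments[0]
        if status == "200" and (user == "-" or user != owner):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for name, handler in (("vulnerable", notifications_vulnerable),
                          ("fixed", notifications_fixed)):
        print(name, "rejects cross-user:", rejects_cross_user_access(handler),
              "rejects anonymous:", rejects_anonymous_access(handler))
    for hit in find_cross_user_reads(SAMPLE_LOG):
        print("cross-user read served:", hit)
```

The regression functions are the part worth keeping in a test suite: run against the vulnerable handler they fail, against the fixed one they pass, so the authorization check cannot silently regress. The log scanner is only meaningful where the access log records the authenticated session user alongside the path; without that field a mismatch cannot be detected after the fact.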
2 months later and no reply, I think I will hold off on purchasing this.