piyush-eon / notezipper

Watch Full Tutorial for this App on YouTube
https://www.youtube.com/watch?v=IQXjO0t4XRM&list=PLKhlp2qtUcSYC7EffnHzD-Ws2xG-j3aYo

Your App is vulnerable. #6

Closed sundargautam18 closed 2 years ago

sundargautam18 commented 2 years ago
```js
router.route("/").get(protect, getNotes);
router
  .route("/:id")
  .get(getNoteById)
  .delete(protect, DeleteNote)
  .put(protect, UpdateNote);
router.route("/create").post(protect, CreateNote);
```

The problem with this code is that if I am authenticated, I can delete or edit someone else's post if I know the post id.

Bimman2021 commented 2 years ago

Yes, you're right. Thanks for the note.
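
The gap reported in this issue is authentication without authorization: `protect` establishes who the caller is, but nothing ties the note id to that caller. The following is an added example, not code from the notezipper repository. It uses a constructed in-memory store and a small chain runner in place of Express and the database, and the `user` owner field, `requireNoteOwner`, and the stand-in `protect` and `deleteNote` are assumptions.

```javascript
// Constructed in-memory stand-in for the notes collection. The `user` owner
// field, the ids, and every function name below are assumptions.
const notes = new Map([
  ["n1", { _id: "n1", user: "alice", title: "Alice's note" }],
  ["n2", { _id: "n2", user: "bob", title: "Bob's note" }],
]);

// Stand-in for `protect`: authenticates, setting req.user from a constructed header.
function protect(req, res, next) {
  if (!req.headers.user) return res.status(401).json({ message: "Not authorized" });
  req.user = { _id: req.headers.user };
  next();
}

// Authorization step: load the note and require that the caller owns it.
function requireNoteOwner(req, res, next) {
  const note = notes.get(req.params.id);
  if (!note) return res.status(404).json({ message: "Note not found" });
  if (String(note.user) !== String(req.user._id)) {
    return res.status(403).json({ message: "You do not own this note" });
  }
  req.note = note;
  next();
}

// Final handler, kept free of access-control logic.
function deleteNote(req, res) {
  notes.delete(req.params.id);
  res.json({ message: "Note removed" });
}

// Tiny runner that mimics how Express walks a middleware chain.
function run(chain, userId, noteId) {
  const req = { params: { id: noteId }, headers: userId ? { user: userId } : {} };
  const res = {
    statusCode: 200,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return res.statusCode;
}

// Chain shape from the issue, with a handler assumed to do no ownership check.
const authOnly = [protect, deleteNote];
// Same chain with the ownership check placed between authentication and the handler.
const ownerOnly = [protect, requireNoteOwner, deleteNote];
```

The same `requireNoteOwner` step fits in front of the update handler, so the `.put` and `.delete` routes share one ownership check.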