IDOR in https://3d.cs.money/

Program: CS Money Bug Type: IDOR Bounty: Unspecified Date: 2020-09-25

IDOR

Summary

A researcher found a medium level IDOR vulnerability in a online gaming skin marketplace, where an attacker can clear the build list of a victim, by changing the steamID cookie in request to /sync from the attacker's profile to that of the Victim.

References

https://hackerone.com/reports/990878

← Back to Reports