UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass

Program: Affirm
Bug Type: IDOR
Bounty: 500
Date: 2021-08-30
Tags: IDOR, broken-access-control

Summary

The researcher found an IDOR vulnerability in a payment interface API. One of the parameters to the API is checkout_ari; when it was replaced with the value belonging to another user, the API returned the order information of the user that checkout_ari belonged to.
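As an added illustration (not code from the report or from Affirm), the access-control failure described above next to its fix, in Python with constructed order data and a hypothetical checkout_ari format:

```python
"""Vulnerable vs. hardened order lookup keyed by checkout_ari (constructed example)."""

# Constructed sample data: orders owned by two different users.
ORDERS = {
    "ari_1001": {"owner": "alice", "amount_cents": 12999, "items": ["headphones"]},
    "ari_2002": {"owner": "bob", "amount_cents": 4500, "items": ["charger"]},
}


class Forbidden(Exception):
    """Raised when the caller does not own the requested order."""


def get_order_vulnerable(session_user: str, checkout_ari: str) -> dict:
    """Looks up the order by checkout_ari alone. The authenticated user is
    never compared against the order's owner, so a caller who supplies
    another user's checkout_ari receives that user's order (the IDOR)."""
    return ORDERS[checkout_ari]


def get_order_hardened(session_user: str, checkout_ari: str) -> dict:
    """Resolves the order, then enforces that it belongs to the caller.
    Ownership is checked server-side against the session, never against
    anything the client sent. A missing order and a foreign order yield
    the same error so the endpoint does not reveal which ARIs exist."""
    order = ORDERS.get(checkout_ari)
    if order is None or order["owner"] != session_user:
        raise Forbidden("order not found or not owned by caller")
    return order


def probe(handler, session_user: str, checkout_ari: str) -> str:
    """Drives a handler the way an access-control regression test would
    and reports whether the caller obtained another user's data."""
    try:
        order = handler(session_user, checkout_ari)
    except (Forbidden, KeyError):
        return "denied"
    return "own" if order["owner"] == session_user else "LEAK"


if __name__ == "__main__":
    # bob presenting alice's checkout_ari: leaks on the vulnerable path, denied on the fixed one.
    print(probe(get_order_vulnerable, "bob", "ari_1001"))
    print(probe(get_order_hardened, "bob", "ari_1001"))
```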

References