~/BugBounty/IDOR/“How I was able to exfiltrate any user’s credit coupons”

OPTIONS /api/v1/client_info?email=user@web.com&external_id=00000111&customer_token=7ddf32e17a6ac5ce04a8ecbf782ca509&merch_id=60037

If you made it this far, thank you so much for giving it a read. Do share your thoughts on this.

I am a security researcher

Jai Sharma
