Summary:
VLC for iOS was vulnerable to an unauthenticated insecure direct object reference (IDOR), which could allow a local attacker to steal media from storage simply by navigating to the source URL/IP.
This was possible by abusing a functionality in the iOS application for VLC, which allows a...
Showing posts with label IDOR. Show all posts
Thursday, 26 March 2020
Friday, 13 December 2019
IDOR in Power Service
Summary
Adani Power Limited, one of India's leading power supply companies, is the power business subsidiary of the Indian conglomerate Adani Group. A subdomain was vulnerable to IDOR (Insecure Direct Object Reference), which could allow attackers to view the bills of any user across India. The bills include details such as name, address, bill amount, unit rate, previous bill details, etc.
I...