Showing posts with label IDOR. Show all posts

Thursday, 26 March 2020

Stealing videos from vlc

Written by Dhiraj on 07:36 in IDOR, iOS, VLC with No comments

Summary: VLC for iOS was vulnerable to an unauthenticated insecure direct object reference (IDOR) which could allow a local attacker to steal media from the storage by just navigating to the source URL/IP. This was possible by abusing a functionality in the iOS application for VLC, which allows a...

IDOR in Power Service

Written by Dhiraj on 10:01 in Adani, Electricity, IDOR, PII, PowerSupply with No comments

Summary One of the India's leading power supply company named, Adani Power Limited is the power business subsidiary of Indian conglomerate Adani Group. A subdomain was vulnerable to IDOR (Insecure Direct Object Reference) which could allow attackers to view bills of any users across India. The bill include details such as Name, Address, Bill Amount, Unit rate, Pervious bill details etc. I...

inputzero

(!=1337) - Just another security blog by Dhiraj

Thursday, 26 March 2020

Stealing videos from vlc

Friday, 13 December 2019

IDOR in Power Service