Showing posts with label IDOR.

Thursday, 26 March 2020

Stealing videos from VLC

Summary: VLC for iOS was vulnerable to an unauthenticated insecure direct object reference (IDOR) which could allow a local attacker to steal media from the storage by just navigating to the source URL/IP. This was possible by abusing a functionality in the iOS application for VLC, which allows a...

Friday, 13 December 2019

IDOR in Power Service

Summary: Adani Power Limited, one of India's leading power supply companies, is the power business subsidiary of the Indian conglomerate Adani Group. A subdomain was vulnerable to IDOR (Insecure Direct Object Reference), which could allow attackers to view the bills of any user across India. The bills include details such as name, address, bill amount, unit rate, previous bill details, etc. I...