IDOR may allow access to non-public photos
Medium
Flickr
Team Summary
Official summary from Flickr
By adding elsewhere-discovered photo IDs for non-public photos uploaded by others to a Flickr group via an upload batch run by the attacker, the attacker could gain access, via their membership in that group, to the third-party photos.
Reported by
0xcyborg
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)