IDOR to cancel any table booking and leak sensitive information such as email, mobile number, uuid
High
Zomato
Team Summary
Official summary from Zomato
Hacker is able to cancel the other user's table booking. The same request leaked the private information of the user (email & mobile no).
Reported by
darwinks
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Submitted
Weakness
Insecure Direct Object Reference (IDOR)