IDOR on ads.tiktok.com Allows Unauthorized Product Addition
Low
TikTok
Team Summary
Official summary from TikTok
An Insecure Direct Object Reference (IDOR) vulnerability was found on a TikTok Ads API, which could have resulted in the addition of arbitrary products to a user's catalog without proper authorization. We thank @p_oria for reporting this to our team.
Reported by: p_oria
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $500.00
Weakness: Insecure Direct Object Reference (IDOR)