
IDOR in treat subscriptions

Medium
Zomato

Team Summary

Official summary from Zomato

@harsh13 found an IDOR which leaked `Subscription ID`, `Purchased Date`, `Validity of Zomato Treats`. Thanks @harsh13 for helping us in making @zomato secure :) Cheers.

Reported by harsh13

Vulnerability Details

Technical details and impact analysis

Insecure Direct Object Reference (IDOR)
The treat subscriptions tab in my profile has an IDOR. The corresponding API:

```http
POST /php/filter_user_tab_content.php HTTP/1.1

user_id=██████&tab=treat_subscription&order_history_offset=0&order_history_limit=20
```

You can give any user id and you will be able to see the treat subscriptions of that user.

## Impact

A user can view treat subscriptions of any other user.
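The root cause is that the endpoint authorizes the lookup on a client-supplied `user_id` instead of the identity bound to the session. The following added example is not Zomato's code; it models the request shape from the report with a vulnerable handler next to a fixed one, and adds a simple log-side check that flags a session asking for many different `user_id` values. The handler names, the `Request` type, the subscription records and the log lines are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import parse_qs

# Constructed sample data (not real Zomato records): treat subscriptions keyed by user id.
SUBSCRIPTIONS = {
    "1001": [{"subscription_id": "TS-1", "purchased": "2019-01-10", "valid_till": "2019-07-10"}],
    "1002": [{"subscription_id": "TS-2", "purchased": "2019-02-01", "valid_till": "2019-08-01"}],
}


@dataclass
class Request:
    session_user_id: str  # identity established by the login cookie (assumed server-side)
    body: str             # raw form body, e.g. "user_id=1001&tab=treat_subscription&..."


def parse_body(body):
    """Turn an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def handler_vulnerable(req):
    """Trusts the client-supplied user_id: the IDOR described in the report."""
    params = parse_body(req.body)
    if params.get("tab") != "treat_subscription":
        return 400, None
    return 200, SUBSCRIPTIONS.get(params.get("user_id", ""), [])


def handler_fixed(req):
    """Derives the subject from the session; a mismatching user_id is refused, not honoured."""
    params = parse_body(req.body)
    if params.get("tab") != "treat_subscription":
        return 400, None
    requested = params.get("user_id", req.session_user_id)
    if requested != req.session_user_id:
        return 403, None  # caller may only read their own subscriptions
    return 200, SUBSCRIPTIONS.get(req.session_user_id, [])


# Constructed access-log lines: the caller's session and the user_id it asked for.
SAMPLE_LOG = """\
sess=s1 path=/php/filter_user_tab_content.php user_id=1001
sess=s1 path=/php/filter_user_tab_content.php user_id=1001
sess=s2 path=/php/filter_user_tab_content.php user_id=1002
sess=s2 path=/php/filter_user_tab_content.php user_id=1003
sess=s2 path=/php/filter_user_tab_content.php user_id=1004
sess=s2 path=/php/filter_user_tab_content.php user_id=1005
"""


def sessions_probing_many_users(log_text, threshold=3):
    """Return sessions that requested at least `threshold` distinct user_id values.

    One session legitimately needs one user_id (its own), so a spread of ids
    from a single session is a usable signal that the IDOR is being exercised.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("path") == "/php/filter_user_tab_content.php":
            seen[fields["sess"]].add(fields["user_id"])
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)


if __name__ == "__main__":
    other = Request(session_user_id="1001",
                    body="user_id=1002&tab=treat_subscription&order_history_offset=0&order_history_limit=20")
    print("vulnerable:", handler_vulnerable(other))  # leaks user 1002's subscription
    print("fixed:", handler_fixed(other))            # (403, None)
    print("suspicious sessions:", sessions_probing_many_users(SAMPLE_LOG))
```

The fix keeps the `user_id` parameter for backward compatibility but treats it as an assertion to be checked against the session rather than a lookup key; returning 403 rather than silently substituting the session id also makes the mismatch visible in server logs.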

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Insecure Direct Object Reference (IDOR)