[www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users
Low
Zomato
Team Summary
Official summary from Zomato
@riya found an IDOR which leaked Validity of Gold Subscriptions. Thanks for helping us in making @zomato more secure :) Disclosing it to encourage more female bug hunters to get into Bug Bounties/Security. Cheers.
Reported by
riya
Vulnerability Details
Technical details and impact analysis
Hello Zomato,
The following URL: https://www.zomato.com/gold/payment-success?subscription_id=██████████&user_id=█████████ is vulnerable to IDOR in the `subscription_id` field. Anyone can get the Subscription Start & End Date and Plan Duration of a Membership ID just by changing the `subscription_id` parameter.
{F291153}
MEMBERSHIP ID : ████
STARTED ON : 22 Dec 2017
VALID UP TO : 22 Jun 2018
Subscription Plan : 6 month plan
## Impact
Anyone can get Subscription Start & End Date and Plan Duration of a Membership ID.
Cheers!
Riya
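The fix for this class of bug is a server-side ownership check: the authenticated user's id must come from the session, and the subscription lookup must be scoped to that user. The following is an added example, not Zomato's code; the in-memory store, handler names, session source and the `Forbidden` error are assumptions.

```python
# Added example (not Zomato's code): the vulnerable lookup beside its hardened form.
from dataclasses import dataclass


@dataclass(frozen=True)
class Subscription:
    subscription_id: int
    owner_user_id: int
    membership_id: str
    started_on: str
    valid_up_to: str
    plan: str


# Constructed sample data standing in for the backend's subscription table.
SUBSCRIPTIONS = {
    1001: Subscription(1001, 501, "M-0001", "22 Dec 2017", "22 Jun 2018", "6 month plan"),
    1002: Subscription(1002, 502, "M-0002", "01 Jan 2018", "01 Jul 2018", "6 month plan"),
}


class Forbidden(Exception):
    """Raised when the caller does not own the requested subscription."""


def _details(sub: Subscription) -> dict:
    return {"membership_id": sub.membership_id, "started_on": sub.started_on,
            "valid_up_to": sub.valid_up_to, "plan": sub.plan}


def payment_success_vulnerable(subscription_id: int, user_id: int) -> dict:
    """IDOR: both ids are taken from the query string and never tied to the
    session, so any subscription_id returns another user's membership details."""
    return _details(SUBSCRIPTIONS[subscription_id])


def is_owner(subscription_id: int, session_user_id: int) -> bool:
    """True only if the subscription exists and belongs to the session user."""
    sub = SUBSCRIPTIONS.get(subscription_id)
    return sub is not None and sub.owner_user_id == session_user_id


def payment_success_fixed(subscription_id: int, session_user_id: int) -> dict:
    """Hardened: session_user_id comes from the server-side session, not the URL.
    'Missing' and 'not yours' get the same response so ids cannot be enumerated."""
    if not is_owner(subscription_id, session_user_id):
        raise Forbidden("subscription not found for this user")
    return _details(SUBSCRIPTIONS[subscription_id])
```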
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$100.00
Weakness
Insecure Direct Object Reference (IDOR)