Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me)
Medium
L
LY Corporation
Submitted None
Team Summary
Official summary from LY Corporation
LINE entry is a service that provides programming education for children (https://entry.line.me). LINE entry provides users with the ability to add profile images. It was possible to delete other people's profile images or thumbnails using a GraphQL query.
Actions:
Reported by
tosun
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)