Unauthorized access to and modification of the email settings of other users at https://app.dropcontact.io/app/sponsorship/ by changing the "email" parameter
High
Dropcontact
Team Summary
Official summary from Dropcontact
When changing email settings with FirstPromoter, the email of the account was right in the URL, so by changing this parameter, we could change the settings of other users.
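The access-control gap in the summary above, shown next to a corrected handler. This is an added example, not Dropcontact's or FirstPromoter's code; the handler names, the in-memory stores and the assumption that the address travels as an `email` query parameter are hypothetical.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: per-account settings and active sessions (hypothetical).
SETTINGS = {"alice@example.com": {"notify": True}, "bob@example.com": {"notify": True}}
SESSIONS = {"sess-alice": "alice@example.com", "sess-bob": "bob@example.com"}


class Forbidden(Exception):
    """The caller may not modify the requested account."""


def target_email(url):
    # Read the client-supplied "email" query parameter; None if absent or repeated.
    values = parse_qs(urlparse(url).query).get("email", [])
    return values[0] if len(values) == 1 else None


def update_settings_vulnerable(settings, sessions, session_id, url, changes):
    """Reported behaviour: any logged-in user edits whichever account the URL names."""
    if session_id not in sessions:
        raise Forbidden("not logged in")
    email = target_email(url)           # client-controlled value picks the account
    if email not in settings:
        raise KeyError("unknown account")
    settings[email].update(changes)     # no check that the caller owns this account
    return email


def update_settings_hardened(settings, sessions, session_id, url, changes):
    """The account comes from the server-side session; a mismatching URL is refused."""
    owner = sessions.get(session_id)
    if owner is None:
        raise Forbidden("not logged in")
    requested = target_email(url)
    if requested is not None and requested.lower() != owner.lower():
        # Worth logging: a mismatch here is a signal of parameter tampering.
        raise Forbidden("email parameter does not match the session owner")
    settings[owner].update(changes)     # keyed on the authenticated identity only
    return owner
```
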
Reported by: xploiterr
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Improper Access Control - Generic