Veris: Critical IDOR - Get venue data of any organization remotely

2016-03-03T10:36:09
ID H1:120305
Type hackerone
Reporter itly
Modified 2016-06-12T16:04:09

Description

Hello Team,

I have found a critical IDOR vulnerability which allows an attacker to get venue data of any organization remotely by just changing the venue_id.

Proof of Concept: Please find the attached screenshots.

Best Regards,

Hely H. Shah
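The class of bug reported above, shown as an added example that is not taken from the report or from Veris's code: a venue lookup keyed only on the client-supplied `venue_id`, next to one scoped to the caller's organization, plus a regression check that flags cross-organization reads. The data model, function names and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Venue:
    venue_id: int
    org_id: int          # owning organization
    name: str

@dataclass(frozen=True)
class Session:
    user: str
    org_id: int          # organization of the authenticated caller

class VenueNotFound(LookupError):
    """Raised for both missing and foreign venues, so ids cannot be probed."""

# Constructed sample records (hypothetical, not real Veris data).
VENUES = {
    101: Venue(101, 1, "Org A HQ"),
    102: Venue(102, 2, "Org B Lobby"),
}
AUDIT_LOG = []           # (user, venue_id) pairs for denied lookups

def get_venue_unsafe(session, venue_id):
    # IDOR pattern: the caller is authenticated, but the record is selected
    # purely by the id in the request; ownership is never compared.
    return VENUES.get(venue_id)

def get_venue(session, venue_id):
    # Object-level authorization: the lookup is scoped to the caller's org.
    venue = VENUES.get(venue_id)
    if venue is None or venue.org_id != session.org_id:
        AUDIT_LOG.append((session.user, venue_id))  # signal for detection
        raise VenueNotFound(venue_id)
    return venue

def cross_tenant_hits(fetch, session):
    """Regression check: venue ids outside the caller's org that `fetch` returns."""
    hits = []
    for vid, venue in VENUES.items():
        if venue.org_id == session.org_id:
            continue
        try:
            if fetch(session, vid) is not None:
                hits.append(vid)
        except VenueNotFound:
            pass
    return hits
```

Running `cross_tenant_hits` against every object-fetching handler in a test suite catches this bug class before release; the denied-lookup log gives responders a record of who requested ids outside their organization.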