U.S. Dept Of Defense: Insecure Direct Object Reference (IDOR) vulnerability in a DoD website

ID H1:207099
Type hackerone
Reporter amsda
Modified 2017-08-15T16:47:40


A Department of Defense website was vulnerable to an IDOR attack which may allow an attacker to modify web content or certain database parameters. @eugui was able to demonstrate this vulnerability by manipulating web objects in a clever way. Very well done. Thank you!