U.S. Dept Of Defense: Insecure Direct Object Reference (IDOR) vulnerability in a DoD website

2017-02-17T11:45:54
ID H1:207099
Type hackerone
Reporter amsda
Modified 2017-08-15T16:47:40

Description

A Department of Defense website was vulnerable to an IDOR attack which may allow an attacker to modify web content or certain database parameters. @eugui was able to demonstrate this vulnerability by manipulating web objects in a clever way. Very well done. Thank you!