RBKmoney: IDOR in merchant.rbmonkey.com allows deleting eShops of another user

2017-10-20T23:30:48
ID H1:281296
Type hackerone
Reporter rijalrojan
Modified 2018-01-29T10:51:53

Description

Website merchant.rbmonkey.com was exposed to an insecure direct object reference vulnerability (IDOR) which may allow an attacker to deleting shop objects of another user.