TikTok: Privilege Escalation on TikTok for Business
An IDOR Insecure Direct Object Reference vulnerability was found on the "orgid" and "accountid" parameters on a Business.TikTok.com endpoint, which could have resulted in an authenticated user with "Analyst" level permissions to close another user's ads accounts. We thank @naaash for reporting th...