Mail.ru: [api.pandao.ru] IDOR позволяет изменять адрес любого пользователя

IDOR in deliveryProfiles API of pandao.ru marketplace allowed to change delivery address of arbitrary user On the time of reporting, pandao.ru runs temporary pre-bug bounty competition program with $1000 bounties for vulnerabilities related to money/points/orders manipulation...