U.S. Dept Of Defense: IDOR : Modify other users demographic details

The IDOR vulnerability allowed a malicious user to modify other user's demographic details on the vulnerable domain www.█████████. The vulnerability was present in the /JOINOnline/Board/SubmitDoc endpoint, where the user ID parameter was not properly validated, allowing an attacker to update the...

U.S. Dept Of Defense: Blind SQL iNJECTION

Hi DoD Secuirty team , i found Blind SQL Injection in this below domain https://███████ Proof of concept: Vuln URL:https://██████████/██████ Pooc: URL encoded POST input ███ was set to -1' OR 321=6 AND 1=1 or '4mEwSPwJ'=' Tests performed: -1' OR 1=1 or '4mEwSPwJ'=' = TRUE -1' OR 2=4 or '4mEwSPwJ'...