EXNESS: IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account
Hi Team, today I logged into my Exness PA and noticed an updated performance page. I thought I'd give it a quick check and noticed that the API endpoint responsible for fetching the stats performance chart, /stats/, is vulnerable to IDOR via the accounts= parameter. The issue allows fetching the stats ...
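
A server-side ownership check of the kind that closes this class of bug, as an added example that is not part of the original report or of Exness's code. The comma-separated ID format, the ownership map, the ID cap, the example.test host and all function and class names are assumptions.

```python
# Added example: authorize every ID in an `accounts=` query parameter against
# the authenticated session before any stats are fetched.
# Assumptions (not from the report): comma-separated numeric account IDs and
# an in-memory ownership map standing in for the real account database.
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: which user owns which MT account.
OWNED_ACCOUNTS = {
    "user-a": {"1001", "1002"},
    "user-b": {"2001"},
}
MAX_ACCOUNTS = 20  # hypothetical cap on IDs per request


class Forbidden(Exception):
    """Caller asked for an account that is not theirs (or does not exist)."""


class BadRequest(Exception):
    """The accounts parameter is missing or malformed."""


def authorize_stats_accounts(session_user, url):
    """Return the account IDs the caller may query, or raise.

    The decision uses the server-side session identity only; nothing in the
    request can widen the set beyond the accounts that user owns.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    raw_values = query.get("accounts", [])
    # Repeated parameters (accounts=1&accounts=2) are all checked, so a
    # second copy cannot slip past a check that only read the first.
    ids = [part.strip() for value in raw_values for part in value.split(",")]
    if not ids or len(ids) > MAX_ACCOUNTS:
        raise BadRequest("accounts parameter missing or too long")
    if any(not (i.isascii() and i.isdigit()) for i in ids):
        raise BadRequest("account IDs must be numeric")
    owned = OWNED_ACCOUNTS.get(session_user, set())
    # Fail the whole request if any single ID is foreign: no partial data,
    # and the same error for "not yours" and "does not exist".
    if any(i not in owned for i in ids):
        raise Forbidden("account not accessible")
    return sorted(set(ids))
```

Returning the same error for foreign and nonexistent IDs keeps the endpoint from confirming which account numbers exist.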