Zomato: [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php

Introduction In the following ██████████ the endpoint /php/restaurantmenushandler.php was found. This endpoint is meant solely to be accessible for admins, however due to insufficient protections normal users can access this endpoint too. This results in any Zomato user being able to edit and...