ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 10:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added uuid bypass

Browse Source
This commit is contained in:
Muhammad Daffa 2021-02-09 20:58:04 +07:00 committed by GitHub
parent 614ff9f093
commit be9be3326c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Insecure Direct Object References.md
View File

@ -105,5 +105,14 @@ Try this to bypass
GET /ADMIN/profile GET /ADMIN/profile
``` ```
11. Try to swap uuid with number
```
GET /file?id=90ri2-xozifke-29ikedaw0d
```
Try this to bypass
```
GET /file?id=302
```
Reference: Reference:
- [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup - [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup