daffainfo
/
AllAboutBugBounty
mirror of https://github.com/daffainfo/AllAboutBugBounty.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added uuid bypass

pull/3/head
Muhammad Daffa 2021-02-09 20:58:04 +07:00 committed by GitHub
parent 614ff9f093
commit be9be3326c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Insecure Direct Object References.md
View File

@ -105,5 +105,14 @@ Try this to bypass
GET /ADMIN/profile
```
11. Try to swap uuid with number
```
GET /file?id=90ri2-xozifke-29ikedaw0d
```
Try this to bypass
```
GET /file?id=302
```
Reference:
- [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup
- [@swaysThinking](https://twitter.com/swaysThinking) and other medium writeup