One thing not really understand.

A Less Known Attack Vector, Second Order IDOR Attacks
1K
4
Ozgur Alp
MikeChan
·Follow
1 min read·
Jul 12, 2020
--
One thing not really understand. If they only check last requested id without checking if it is belong to same user session. How was the back end server know it was sent by the user?
--
--
Written by MikeChan648 Followers
·23 Following
Cybersecurity, Part-time bug bounty hunter. Support me by subscribe: https://mikekitckchan.medium.com/membership. Ping me for online private tutoring.
Responses (1)
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams