Fuzzing + IDOR = Admin TakeOver

Cover image (Pixabay): https://pixabay.com/es/photos/m%c3%a1quina-de-escribir-mec%c3%a1nica-retro-407695/
The ffuf command below keeps a known-good POST body (param1 and param2 are placeholders for the real values) and fuzzes the name of one extra JSON key, FUZZ, from the wordlist g0ld3n-api.txt, authenticating with a low-privilege user's bearer token. A key whose presence changes the status code or response size is a candidate undocumented parameter (for example a user identifier or a role flag) that can then be probed for IDOR. The Content-Type header is required so that the server actually parses the body as JSON; once you have a baseline, filter out unchanged responses with ffuf's -fs (filter by size) or match on status with -mc.

ffuf -w g0ld3n-api.txt -u https://vulnerable.com/api/endpoint -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer JWT' --data '{"param1":value1,"param2":value2,"FUZZ":6}'
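The same two-step logic (discover a hidden JSON parameter by response differencing, then walk identifiers through it looking for someone else's record) as an added, offline example; this is not code from the original post and not part of ffuf. The endpoint, the wordlist, the user records and the mass-assignment/IDOR behaviour of mock_endpoint are all constructed for illustration, standing in for the real target the article tests:

```python
import json
from typing import Any, Callable, Dict, List, Tuple

# Constructed stand-in for the wordlist fed to ffuf with -w (hypothetical names).
WORDLIST = ["debug", "role", "isAdmin", "user_id", "admin", "verbose"]

# The known-good body; param1/param2 are the placeholders from the ffuf command.
BASE_BODY: Dict[str, Any] = {"param1": "value1", "param2": "value2"}

# Constructed user table. The bearer token in the real request maps to CALLER_ID.
PROFILES = {
    1: {"id": 1, "email": "admin@example.test", "role": "admin"},
    42: {"id": 42, "email": "alice@example.test", "role": "user"},
}
CALLER_ID = 42

Endpoint = Callable[[Dict[str, Any]], Tuple[int, str]]


def mock_endpoint(body: Dict[str, Any]) -> Tuple[int, str]:
    """Hypothetical handler for POST /api/endpoint (not the real target).

    It silently honours an undocumented user_id key and returns that user's
    record with no ownership check: an IDOR reachable only once the key name
    is known.
    """
    if "param1" not in body or "param2" not in body:
        return 400, json.dumps({"error": "missing parameters"})
    target = body.get("user_id", CALLER_ID)
    profile = PROFILES.get(target)
    if profile is None:
        return 404, json.dumps({"error": "no such user"})
    return 200, json.dumps({"ok": True, "profile": profile})


def baseline(endpoint: Endpoint) -> Tuple[int, int]:
    """Status and body length of the unmodified request (what ffuf's -fs filters on)."""
    status, text = endpoint(BASE_BODY)
    return status, len(text)


def fuzz_parameters(endpoint: Endpoint, wordlist: List[str], value: Any = 6) -> List[Dict[str, Any]]:
    """Add each candidate key to the body and report the ones that change the response.

    The injected value matters: 6 is not an existing record, so a recognised
    user_id key produces a 404 instead of the baseline 200. Injecting the
    caller's own id (42) would make the parameter invisible.
    """
    base_status, base_len = baseline(endpoint)
    hits = []
    for name in wordlist:
        body = dict(BASE_BODY)
        body[name] = value
        status, text = endpoint(body)
        if status != base_status or len(text) != base_len:
            hits.append({"param": name, "status": status, "length": len(text)})
    return hits


def probe_idor(endpoint: Endpoint, param: str, candidates: range) -> Dict[int, str]:
    """Walk identifiers through the discovered key; return ids that yield a foreign record."""
    found: Dict[int, str] = {}
    for cid in candidates:
        body = dict(BASE_BODY)
        body[param] = cid
        status, text = endpoint(body)
        if status != 200:
            continue
        profile = json.loads(text)["profile"]
        if profile["id"] != CALLER_ID:
            found[cid] = profile["role"]
    return found


if __name__ == "__main__":
    hits = fuzz_parameters(mock_endpoint, WORDLIST)
    print("hidden parameters:", hits)
    for hit in hits:
        print("IDOR via", hit["param"], "->", probe_idor(mock_endpoint, hit["param"], range(1, 6)))
```

Run stand-alone it reports user_id as the only key that alters the response, and the follow-up probe shows that user_id=1 returns the admin record. The baseline/diff structure is the same thing ffuf does with -fs: compare every fuzzed response against the unmodified one and keep only the outliers.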
