AntiHack IDOR on Create Submission


Hello everyone, this is my PoC of an AntiHack IDOR. This vulnerability lets an attacker create a submission on any program, even if the program is locked.

  1. Create a submission and intercept the request using Burp Suite.
  2. Send the request to Intruder.

     The vulnerable parameter is “comp_id”.

  3. I created a Python script to generate comp_id numbers.
  4. After that, load them into Intruder and launch the attack.

My AntiHack inbox

And My Profile

Locked Program
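The root cause described above is a create-submission handler that trusts the client-supplied comp_id. The following is an added example, not AntiHack's code, showing that handler pattern next to a version that authorizes the caller against the program on the server side. The data model (`Program`, `locked`, `public`, `invited`), the user names and the ids are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Program:
    comp_id: int
    locked: bool = False
    public: bool = True
    invited: set = field(default_factory=set)  # users allowed into a private program

# Constructed sample data; the ids and users are hypothetical.
PROGRAMS = {
    101: Program(101),
    102: Program(102, locked=True),
    103: Program(103, public=False, invited={"alice"}),
}
SUBMISSIONS = []

class Forbidden(Exception):
    """Raised when the caller may not submit to the requested program."""

def create_submission_vulnerable(user, comp_id, title):
    # IDOR: the only check is that the id exists, so a locked or
    # private program accepts a report from any authenticated user.
    program = PROGRAMS[comp_id]
    SUBMISSIONS.append((user, program.comp_id, title))
    return True

def can_submit(user, program):
    # Authorization is decided from server-side state, never from the request.
    if program.locked:
        return False
    return program.public or user in program.invited

def create_submission_hardened(user, comp_id, title):
    program = PROGRAMS.get(comp_id)
    # Same error for "unknown id" and "not allowed", so responses
    # do not reveal which comp_id values exist.
    if program is None or not can_submit(user, program):
        raise Forbidden("program not available")
    SUBMISSIONS.append((user, program.comp_id, title))
    return True

def attempt(handler, user, comp_id):
    """Run one handler and report the outcome as a string."""
    try:
        handler(user, comp_id, "constructed report")
        return "accepted"
    except (Forbidden, KeyError):
        return "denied"
```

Logging each denied attempt together with the user and comp_id also gives the platform a signal when one account walks through sequential ids.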

Timeline

Dec 3, 2018 — Reported to AntiHack

Dec 27, 2018 — AntiHack changed the status to Resolved and sent me swag