Hello everyone, this is my PoC of AntiHack IDOR. So this vulnerability can make attacker create submission on all program, even the program was locked.
- Create submission and intercept request using burpsuite.
- Send the request to intruder
The vulnerable parameter is “comp_id”
3. So i create python script to generate number of comp_id
4. After that load into intruder and launch attack
My AntiHack inbox
And My Profile
Dec, 3 2018 — Reported to AntiHack
Dec, 27 2018 — AntiHack change status to Resolved and sent me a swag