Able to change other publishers' payment details

Disclosed by
AlWaYsHuNt's avatar
AlWaYsHuNt
  • Engagement Opera Public Bug Bounty
  • Disclosed date about 3 years ago
  • Points 20
  • Priority P3 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by AlWaYsHuNt

Due to IDOR able to change other publisher's payment details

Activity
  1. Joshua’s avatar
    Joshua Customer published the disclosure report

    ()

  2. AlWaYsHuNt’s avatar
    AlWaYsHuNt requested disclosure

    ()

  3. AlWaYsHuNt’s avatar
    AlWaYsHuNt sent a message

    ()

  4. Joshua’s avatar
    Joshua Customer rewarded AlWaYsHuNt

    ()

  5. YoYo Bugbounty’s avatar
    YoYo Bugbounty changed the state to Resolved

    ()

  6. AlWaYsHuNt’s avatar
    AlWaYsHuNt sent a message

    ()

  7. Joshua’s avatar
    Joshua Customer changed the severity to P3

    ()

  8. Joshua’s avatar
    Joshua Customer updated the submission

    ()

  9. Joshua’s avatar
    Joshua Customer updated VRT to Broken Access Control (BAC) > Insecure Direct Object References (IDOR)

    ()

  10. Joshua’s avatar
    Joshua Customer changed the state to Unresolved

    ()

  11. Joshua’s avatar
    Joshua Customer rewarded AlWaYsHuNt 20 points

    ()

  12. Joshua’s avatar
    Joshua Customer sent a message

    ()

  13. soheesec_bugcrowd’s avatarbugcrowd logo
    soheesec_bugcrowd changed the state to Triaged

    ()

  14. soheesec_bugcrowd’s avatarbugcrowd logo
    soheesec_bugcrowd changed the severity to P2

    ()

  15. soheesec_bugcrowd’s avatarbugcrowd logo
    soheesec_bugcrowd updated VRT to Broken Access Control (BAC)

    ()

  16. soheesec_bugcrowd’s avatarbugcrowd logo
    soheesec_bugcrowd sent a message

    ()

  17. AlWaYsHuNt’s avatar
    AlWaYsHuNt sent a message

    ()

  18. AlWaYsHuNt’s avatar
    AlWaYsHuNt created the submission

    ()