IDOR Leads to ATO
While proxying the traffic with Burp Suite, I looked at some functions like the change-password feature.
I noticed the part that contains the username, but I can't edit the username in it.
After sending a correct request, the password was successfully changed.
In Burp, the request was a simple API request with the parameters username and newpassword.
So I edited the username parameter to another username and it worked: I changed another user's password.
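
The flaw described above, shown beside a corrected handler, as an added example that is not the target application's code. The in-memory session store, the function names and the `currentpassword` field are assumptions made for illustration; only `username` and `newpassword` come from the write-up.

```python
import hashlib
import hmac
import os

USERS = {}                          # username -> (salt, password digest)
SESSIONS = {"tok-alice": "alice"}   # constructed: session token -> logged-in user

def hash_pw(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(username, password):
    salt, digest = USERS[username]
    return hmac.compare_digest(digest, hash_pw(password, salt)[1])

def reset_users():
    """Load constructed sample accounts."""
    USERS.clear()
    USERS["alice"] = hash_pw("alice-old")
    USERS["bob"] = hash_pw("bob-old")

def change_password_vulnerable(token, body):
    """Pattern from the write-up: the account to modify is read from the request."""
    if token not in SESSIONS:
        return 401
    # Authenticated, but never checked against body["username"].
    USERS[body["username"]] = hash_pw(body["newpassword"])
    return 200

def change_password_fixed(token, body):
    """The account comes from the session; the request cannot choose it."""
    user = SESSIONS.get(token)
    if user is None:
        return 401
    # A username that disagrees with the session is rejected, and worth logging.
    if body.get("username", user) != user:
        return 403
    # Assumed extra control: require the current password before changing it.
    if not verify(user, body.get("currentpassword", "")):
        return 403
    USERS[user] = hash_pw(body["newpassword"])
    return 200

reset_users()
```

A disabled username field in the UI is not a control; the server has to bind the operation to the authenticated session, as `change_password_fixed` does.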