Don’t make the same mistake as Microsoft.
Description

BOLA on Topcoder: Another IDOR vulnerability disclosed, this time in the Topcoder portal

The second BOLA/IDOR vulnerability was discovered by researchers at Synopsys and reported to the UpGuard Security Research Team. The issue is similar to the first one we covered last week: it allows an attacker with access to a user account on the Topcoder platform (a popular crowdsourcing service for software developers) to gain access to other users’ accounts without any authorization checks. This can be done by modifying their own profile information, which triggers an update of another user’s profile when they visit that page.
https://t.co/4USCx3VVbc
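
To make the missing check concrete, here is an added example (not from the original post and not Topcoder's code) of a profile-update handler without and with an object-level authorization check. The `Store` class, handler names, field names and user ids are all hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

ALLOWED_FIELDS = {"email", "display_name"}  # assumed editable fields


class Forbidden(Exception):
    """Caller is not authorized for the target object."""


@dataclass
class Store:
    # Constructed sample data: user id -> profile
    profiles: dict = field(default_factory=lambda: {
        101: {"email": "alice@example.test"},
        102: {"email": "bob@example.test"},
    })
    audit: list = field(default_factory=list)  # denied attempts, for alerting


def update_profile_vulnerable(store, session_user_id, body):
    # BOLA: the object is selected by a client-supplied id, and the
    # authenticated identity (session_user_id) is never compared to it.
    target = body["user_id"]
    store.profiles[target].update(body["fields"])
    return target


def update_profile_checked(store, session_user_id, body):
    # Default to the caller's own object; any other target must match the session.
    target = body.get("user_id", session_user_id)
    if target != session_user_id:
        store.audit.append({"actor": session_user_id, "target": target,
                            "action": "profile.update", "result": "denied"})
        raise Forbidden(f"user {session_user_id} may not modify profile {target}")
    unexpected = set(body["fields"]) - ALLOWED_FIELDS
    if unexpected:
        raise ValueError(f"fields not editable: {sorted(unexpected)}")
    store.profiles[target].update(body["fields"])
    return target


def demo():
    # Constructed request: user 101 is logged in but names profile 102.
    body = {"user_id": 102, "fields": {"email": "changed@example.test"}}
    weak, hardened = Store(), Store()
    update_profile_vulnerable(weak, 101, body)
    try:
        update_profile_checked(hardened, 101, body)
        denied = False
    except Forbidden:
        denied = True
    return weak.profiles[102]["email"], hardened.profiles[102]["email"], denied
```

The denied attempts collected in `audit` are the signal worth alerting on: an authenticated user repeatedly naming object ids that are not their own.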
