Reset API for any user via IDOR
# Description
The Reset API action can be performed for any user, without any action on that user's part, via IDOR.
# Proof of Concept
1- Create a user
2- Go to Settings
3- Open Burp Suite to intercept the request
4- Click Reset API
5- Note the endpoint in the request:
PATCH /api/user/102
6- When the number 102 in the endpoint is changed to 103, we notice that the Reset API has been performed for other users
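
A minimal model of the flaw and its fix, added here as an example (not code from the affected project): the vulnerable handler trusts the id in `PATCH /api/user/<id>`, while the hardened one compares it with the authenticated session's user id. The sample accounts, the `api_credential` field, the `is_admin` flag and the function names are assumptions, as is the idea that Reset API regenerates a per-user credential.

```python
import re
import secrets

ROUTE = re.compile(r"^/api/user/(\d+)$")


def fresh_users():
    """Constructed sample accounts; ids follow the report's 102/103 example."""
    return {
        102: {"is_admin": False, "api_credential": "old-102"},
        103: {"is_admin": False, "api_credential": "old-103"},
    }


def reset_api_vulnerable(session_user_id, method, path, users):
    """Behaviour the report describes: the path id is used without any check."""
    m = ROUTE.match(path)
    if method != "PATCH" or not m:
        return 404
    target = users.get(int(m.group(1)))
    if target is None:
        return 404
    # session_user_id is never compared with the target id: this is the IDOR.
    target["api_credential"] = secrets.token_hex(16)
    return 200


def reset_api_hardened(session_user_id, method, path, users):
    """Same route; the target must be the caller, unless the caller is an admin."""
    m = ROUTE.match(path)
    if method != "PATCH" or not m:
        return 404
    caller = users.get(session_user_id)
    if caller is None:
        return 401
    target_id = int(m.group(1))
    # Authorize before looking the target up, so the response does not
    # reveal which ids exist to a caller who may not touch them.
    if target_id != session_user_id and not caller["is_admin"]:
        return 403
    target = users.get(target_id)
    if target is None:
        return 404
    target["api_credential"] = secrets.token_hex(16)
    return 200
```

A regression test for the fix replays step 6 as user 102 against id 103 and expects a 403 with user 103's credential unchanged.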
# Video
https://drive.google.com/file/d/1beJs4SkGjHd8w94cSBBXE2-yGXvmxaU7/view?usp=share_link