Original Post: IDOR at Election Commission Website | by Cyberspecs | Jun, 2024
This is a summary of a cybersecurity blog post written by Cyberspecs on Medium. The author begins with a personal experience: changes were needed to the voter ID cards of the author and their parents, and on logging into their father’s account they noticed incorrect details belonging to a user in a different state. This prompted the author, a penetration tester, to investigate the website’s APIs. They discovered an Insecure Direct Object Reference (IDOR) vulnerability at the endpoint /api/v1/e-epic/get-epic-detail, which also lacked rate limiting: user A could retrieve other users’ details by brute-forcing the identifier while authenticating with their own JWT token. The post aims to educate the cybersecurity community about this vulnerability.
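An added example (not code from the original post or from the Election Commission site) modelling the flaw the post describes: a lookup that trusts the requested id, beside a hardened version that ties the record to the JWT subject and rate-limits each caller. The record store, the `sub` claim name and the limit values are assumptions.

```python
# Added example, not from the original post: a minimal model of the
# get-epic-detail lookup showing the IDOR and its fix. The record store,
# claim name and rate-limit values are constructed assumptions.
import time
from collections import defaultdict, deque

# Constructed sample data: each EPIC record is owned by one account (JWT "sub").
EPIC_RECORDS = {
    "EPIC0001": {"owner": "user-a", "name": "A. Voter", "state": "State-1"},
    "EPIC0002": {"owner": "user-b", "name": "B. Voter", "state": "State-2"},
}

def get_epic_detail_vulnerable(claims, epic_id):
    """IDOR: any valid token can read any record, because nothing ties the
    requested id back to the caller identified by the token."""
    return EPIC_RECORDS.get(epic_id)

class RateLimiter:
    """Sliding-window limiter keyed by the authenticated subject."""
    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def allow(self, subject, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[subject]
        while q and now - q[0] > self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True

LIMITER = RateLimiter(max_requests=5, window_seconds=60)

def get_epic_detail_fixed(claims, epic_id, now=None):
    """Hardened lookup: reject anonymous calls, rate-limit per subject, then
    require that the record belongs to the caller. "Not found" and "not
    yours" both return 404 so the response does not reveal whether the id
    exists. Returns (http_status, record_or_None)."""
    subject = claims.get("sub")
    if subject is None:
        return 401, None
    if not LIMITER.allow(subject, now):
        return 429, None
    record = EPIC_RECORDS.get(epic_id)
    if record is None or record["owner"] != subject:
        return 404, None
    return 200, record
```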