API based IDOR to leaking Private IP address of 6000 businesses

What is IDOR?

What is an API?

The intercepted request
User ID request
The Dev’s reaction

Pentester/Bug Bounty Hunter & A typical Business Undergraduate. (https://www.facebook.com/rafiahamed.rupak.3)

Rafi Ahamed (Leonidas D. Ace)