How I Found Broken Access Control - Then I Stopped Hunting
A security researcher testing a cryptocurrency platform found cache deception and access control vulnerabilities, and used a contact ID to bypass restrictions. Although the report was marked as a duplicate and the fix was delayed, he kept hunting. 2025-9-6 05:52:3 Author: infosecwriteups.com

Umanhonlen Gabriel

I picked up a cryptocurrency platform subdomain xyz.REDACTED.net

Before starting, I already believed their security measures would be stringent, but little did I know that nothing is actually secure unless tested.

So I observed how the platform worked, looked beyond the fancy frontend, and tried to sign up with [email protected].

Boom!!! I saw on my screen that a mail had been sent.

Good. Now time to hunt proper.

I set up everything that was needed and registered.

I was looking around, tried cache deception, and found an endpoint that got cached by observing the network tab (HIT).

Wooow.

I was so happy and had to try it on incognito to see if it was actually cached to return my info but oh no, I got “session expired.”

I documented it to try cache poisoning later, but moved on to see what else I could do.
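The "HIT" the author observed is worth turning into a repeatable check. The following is an added example, not code from the write-up or the platform: it classifies a response's headers to decide whether a shared cache (CDN or proxy) is allowed to store a per-user response, following RFC 9111 directive semantics, and shows the headers a contacts-style endpoint should send instead. The header dictionaries are constructed samples.

```python
"""Check whether an authenticated API response may be stored by a shared cache.

Added example, not code from the original write-up. The header dictionaries
are constructed samples; the directive handling follows RFC 9111.
"""
from dataclasses import dataclass, field


@dataclass
class CacheVerdict:
    shared_cacheable: bool          # could a CDN/proxy store this response?
    hit_observed: bool              # was the response already served from a cache?
    reasons: list = field(default_factory=list)


def _directives(cache_control: str) -> dict:
    """Parse 'public, max-age=600' into {'public': None, 'max-age': '600'}."""
    out = {}
    for part in cache_control.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        out[name.strip().lower()] = value.strip() or None
    return out


def assess_cacheability(headers: dict) -> CacheVerdict:
    """Decide whether a shared cache is allowed to store this response.

    Intended for per-user endpoints (profile, contacts, balances), where any
    shared-cache storage is a leak risk unless the cache key includes identity.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = _directives(h.get("cache-control", ""))
    reasons = []

    hit = h.get("x-cache", "").strip().upper().startswith("HIT") \
        or h.get("cf-cache-status", "").strip().upper() == "HIT"
    if hit:
        reasons.append("response was served from a cache (X-Cache/CF-Cache-Status HIT)")

    if "no-store" in cc:
        reasons.append("Cache-Control: no-store forbids any storage")
        return CacheVerdict(False, hit, reasons)
    if "private" in cc:
        reasons.append("Cache-Control: private limits storage to the browser")
        return CacheVerdict(False, hit, reasons)

    if "s-maxage" in cc or "public" in cc or "max-age" in cc:
        reasons.append("explicit freshness allows shared caches to store the response")
        cacheable = True
    elif "expires" in h or "last-modified" in h:
        reasons.append("no Cache-Control; Expires/Last-Modified give explicit or heuristic freshness")
        cacheable = True
    else:
        reasons.append("no freshness information; storage depends on the cache implementation")
        cacheable = False

    if cacheable and "cookie" not in h.get("vary", "").lower():
        reasons.append("Vary does not include Cookie, so one user's copy can be served to another")
    if cacheable and "set-cookie" in h:
        reasons.append("Set-Cookie on a shareable response: session material may be cached")
    return CacheVerdict(cacheable, hit, reasons)


def hardened_headers() -> dict:
    """Headers a per-user endpoint should send so a shared-cache HIT cannot occur."""
    return {"Cache-Control": "private, no-store", "Pragma": "no-cache"}


# Constructed sample: headers a cached per-user endpoint might have returned.
OBSERVED = {"Cache-Control": "public, max-age=300", "X-Cache": "HIT",
            "Content-Type": "application/json"}

if __name__ == "__main__":
    v = assess_cacheability(OBSERVED)
    print("shared cacheable:", v.shared_cacheable, "| hit:", v.hit_observed)
    for r in v.reasons:
        print(" -", r)
    print("hardened:", assess_cacheability(hardened_headers()).shared_cacheable)
```

Run it against the response headers from the network tab of any endpoint that returns account-specific data; a `shared_cacheable` verdict of `True` on such an endpoint is the finding to report, whether or not the cached copy happens to be served to a second browser.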

Then I noticed a tab to create a contact and here was my catch.

Created a contact for User A and noticed a contact ID.

Logged out of User A and logged in as User B.

Created a contact for User B, but this time swapped User A's contact ID into User B's request.

Oh wowowooooooo!!!
I saw User A’s contact.

Tried User B’s again and saw User B’s contact.
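What the author hit is an object-level authorization gap: the server trusted a client-supplied contact ID and never asked who owns the record. The following is an added example, not code from the platform or the write-up. It models the observed behaviour in two deliberately vulnerable functions and sets the fixed versions beside them: the identifier is generated server-side and ignored if the client sends one, and every read is scoped to the session's owner. The user ids, contact ids and in-memory store are constructed.

```python
"""Contact create/read with and without object-level authorization.

Added example, not code from the platform in the write-up. The user ids,
contact ids and in-memory store are constructed; the vulnerable functions
model the behaviour the write-up describes, the fixed ones show the generic
pattern (server-generated ids, owner-scoped lookups).
"""
import secrets
from dataclasses import dataclass


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass(frozen=True)
class Contact:
    contact_id: str
    owner_id: str
    name: str


# Constructed store: User A owns c-1001, User B owns c-2002.
CONTACTS = {
    "c-1001": Contact("c-1001", "user_a", "A's counterparty"),
    "c-2002": Contact("c-2002", "user_b", "B's counterparty"),
}


def _require_session(session_user: str) -> None:
    if not session_user:
        raise Forbidden("session expired")


def create_contact_vulnerable(session_user: str, payload: dict) -> Contact:
    """Honours a client-supplied contact_id, so a known id returns someone else's record."""
    _require_session(session_user)
    contact_id = payload.get("contact_id") or secrets.token_hex(8)
    # setdefault keeps the existing record when the id is taken: User B gets User A's contact
    return CONTACTS.setdefault(contact_id, Contact(contact_id, session_user, payload["name"]))


def get_contact_vulnerable(session_user: str, contact_id: str) -> Contact:
    """Authenticates the caller but never checks who owns the object."""
    _require_session(session_user)
    if contact_id not in CONTACTS:
        raise NotFound(contact_id)
    return CONTACTS[contact_id]


def create_contact_fixed(session_user: str, payload: dict) -> Contact:
    """Identity comes from the session, the id from the server; any client id is ignored."""
    _require_session(session_user)
    contact_id = "c-" + secrets.token_hex(8)   # unguessable and never client-controlled
    contact = Contact(contact_id, session_user, payload["name"])
    CONTACTS[contact_id] = contact
    return contact


def get_contact_fixed(session_user: str, contact_id: str) -> Contact:
    """Owner-scoped lookup: 'missing' and 'not yours' look identical to the caller."""
    _require_session(session_user)
    contact = CONTACTS.get(contact_id)
    if contact is None or contact.owner_id != session_user:
        raise NotFound(contact_id)
    return contact


if __name__ == "__main__":
    # User B submits User A's contact id to both versions of the create endpoint.
    leaked = create_contact_vulnerable("user_b", {"contact_id": "c-1001", "name": "B's new contact"})
    print("vulnerable create returned owner:", leaked.owner_id)
    fresh = create_contact_fixed("user_b", {"contact_id": "c-1001", "name": "B's new contact"})
    print("fixed create returned owner:", fresh.owner_id, "id:", fresh.contact_id)
    try:
        get_contact_fixed("user_b", "c-1001")
    except NotFound:
        print("fixed read: User B cannot see c-1001")
```

The design point is that authentication (a valid session) and authorization (this session may touch this object) are separate checks; the vulnerable handlers do only the first. Returning the same not-found response for missing and foreign ids also stops the ID space from being mapped by probing.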

I reported immediately but got a duplicate.

The triager said the fix is still pending in the pipeline, and the first researcher’s report has already been closed and awarded.

I was happy to get a broken access control flaw but the mode of communication made me stop on the platform.

Bug bounty hunting is becoming frustrating.
Most triagers get you pissed, but then, the skills will never leave you.

Until you land the big win one day, keep hunting.

Feel free to connect with me on LinkedIn or X:

https://www.linkedin.com/in/umanhonlen/

https://x.com/sudosu01

Thank you!


Source: https://infosecwriteups.com/how-i-found-broken-access-control-then-i-stopped-hunting-a48187e8702a?source=rss----7b722bfd1b8d--bug_bounty