
Posts

Showing posts from May, 2025

Love, APIs, and a Security Flaw: An Unexpected IDOR Discovery

Intro: Security issues are important, whether you're a small startup or a major tech company. Likewise, a security researcher is always a researcher, even when searching for a life partner. 😉 Yes, you read that right. I discovered an Insecure Direct Object Reference (IDOR) vulnerability on one of the most popular matrimony websites while browsing profiles for myself.

A Tale of Two APIs

The website had secured its APIs properly. However, the mobile APIs were left exposed without the same level of protection. One of the key features on this platform is "Favorite Profiles", where users can shortlist others who match their preferences. While exploring the app using mitmproxy, I noticed that the mobile and web platforms were calling two different APIs. The mobile version was passing the current user's ID as a parameter, which immediately raised a red flag.

Digging Deeper, Ethically

As a responsible white-hat hacker, I didn't want to compromise anyone's...

From My First Web App to My First Hack: A Journey into Web Security

After completing my higher secondary education, I chose a different path. Instead of enrolling in a traditional college, I joined a practical learning program offered by a reputed software company. This program focused on real-world skills and was tailored for students like me, who came from rural backgrounds with limited exposure to technology. Everyone in the batch was fresh out of school, with no prior experience in programming. We were all learning everything from scratch. When we were introduced to Java, basic web development, and application deployment using tools like Apache Tomcat, it felt like stepping into an entirely new world.

The Assignment That Changed Everything

A few weeks into the program, we were given an assignment: build a functional web application within two weeks using the concepts we had just learned. For most of us, this was our very first real project. The excitement of building something that actually worked was a huge milestone. I completed my app withi...