IDOR in Government Ownership API Exposed Private Business Owner PII via CR Number Enumeration
Severity: High
Bounty Awarded: $1,506
Program: Private Bug Bounty
Platform: Bugbounty.sa
Some IDORs are obvious immediately.
You change an ID.
Someone else’s data appears.
Easy.
Others look harmless at f
blog.abdulaziz-d.com | 6 min read