World’s easiest hack. You’re looking at /customers/3836/bills? What happens if you change that to 4000? They’re a big company. I bet that exists.
Did they put proper security checks EVERYWHERE? Easy to test.
But if you’re at /customers/{big-long-hex-string}/bill the chances of you guessing another valid ID are basically zero.
Yeah it’s security through obscurity. But it’s really good obscurity.
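Added example, not part of the comment above: the ownership check the comment is really about, with the vulnerable handler beside the hardened one, plus generation of the "big long hex string" kind of ID and the guess-probability it buys as defense in depth. The bill data, function names and customer numbers are constructed for illustration.

```python
import secrets

# Constructed sample data: two customers, each owning one bill,
# keyed by the same sequential IDs the comment mentions.
BILLS = {
    3836: {"customer_id": 3836, "amount": 120.00},
    4000: {"customer_id": 4000, "amount": 980.00},
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested resource."""


def get_bill_insecure(caller_customer_id: int, requested_customer_id: int) -> dict:
    """Vulnerable form: trusts the ID from the URL and never checks ownership
    (caller_customer_id is accepted but ignored, which is the bug)."""
    return BILLS[requested_customer_id]


def get_bill_secure(caller_customer_id: int, requested_customer_id: int) -> dict:
    """Hardened form: the authenticated identity must own the resource."""
    bill = BILLS.get(requested_customer_id)
    if bill is None or bill["customer_id"] != caller_customer_id:
        # Same response for "does not exist" and "not yours", so a probe
        # cannot learn which IDs are valid.
        raise Forbidden()
    return bill


def new_customer_id() -> str:
    """Unguessable 128-bit identifier rendered as 32 hex characters."""
    return secrets.token_hex(16)


def guess_success_probability(valid_ids: int, id_bits: int = 128) -> float:
    """Chance that one random guess hits any of `valid_ids` live IDs
    drawn from an id_bits-wide space; this is the 'basically zero' claim."""
    return valid_ids / (2 ** id_bits)
```

The random ID only shrinks the odds of a blind hit; the `get_bill_secure` check is what actually closes the hole.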