

ShareChat/Moj IDOR Vulnerability
2022
Security Research
Impact
Protected millions of users' privacy
Overview
During a security assessment of the Moj platform by ShareChat in 2022, I identified a critical IDOR vulnerability that could allow unauthorized users to modify the privacy settings of any post on the platform. The vulnerability existed in the API endpoint responsible for updating post privacy settings. By manipulating the post ID parameter, an attacker could change any post's visibility from private to public or vice versa, potentially exposing private content to unauthorized users.
Timeline
- August 2022: Vulnerability Discovery. Identified the IDOR vulnerability during security testing.
- September 2022: Responsible Disclosure. Reported the vulnerability to the ShareChat security team.
- October 2022: Patch Implementation. Vulnerability was successfully patched and verified.
Technical Details
- Identified vulnerable API endpoint handling post privacy settings
- Demonstrated unauthorized access through parameter manipulation
- Provided proof of concept and remediation recommendations
- Verified patch implementation and security fixes
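
The class of flaw described in the Overview, shown as an added example that is not from the original write-up and is not ShareChat/Moj code: a privacy-update handler that trusts the client-supplied post ID, next to one that enforces object-level authorization. The store, function names, user IDs and post IDs are all hypothetical and the sample data is constructed.

```python
# Added illustration: all names and data here are hypothetical, not ShareChat/Moj code.
from dataclasses import dataclass

ALLOWED_VISIBILITY = {"private", "public"}


@dataclass
class Post:
    post_id: int
    owner_id: int
    visibility: str


class NotFound(Exception):
    """Raised for both missing and foreign posts so IDs cannot be enumerated."""


def make_store():
    # Constructed sample data: two users, one private post each.
    return {
        101: Post(101, owner_id=1, visibility="private"),
        202: Post(202, owner_id=2, visibility="private"),
    }


def update_privacy_vulnerable(store, session_user_id, post_id, visibility):
    # IDOR: the post is looked up by the client-supplied ID alone;
    # session_user_id is never compared with the post's owner.
    post = store[post_id]
    post.visibility = visibility
    return post


def update_privacy_checked(store, session_user_id, post_id, visibility):
    # Validate the requested value before touching any object.
    if visibility not in ALLOWED_VISIBILITY:
        raise ValueError("unsupported visibility value")
    post = store.get(post_id)
    # Object-level authorization: the owner comes from the server-side
    # record and the caller from the authenticated session, never the body.
    if post is None or post.owner_id != session_user_id:
        raise NotFound(post_id)
    post.visibility = visibility
    return post
```

Answering a foreign post and a nonexistent post with the same error keeps the endpoint from confirming which post IDs exist.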
Tools & Technologies
- Burp Suite
- API Testing
- Security Analysis