#BugBounty — “Your details are saved into my account” - User info disclosure Vulnerability in Practo (India’s biggest healthcare app)

Send SMS functionality
Send SMS HTTP request
Send SMS HTTP Response
Other user information added to my account
IDOR user details


Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc

Avinash Jain (@logicbomb)
