HACKER Q&A
📣 takklz

Endpoint Security Question


Random question that perhaps someone could shed some light on.

My buddy and I are having an argument regarding one of our pages. The page is for unsubscribing from emails. Simple enough, the endpoint looks like this:

Blah blah.com/emailpref?email=test@test.com

This takes them to a page saying. “Thanks, John for visiting your email preferences page”.

From there they manage their email preferences.

I told him that this is a super insecure design, and theoretically someone could brute force usernames and emails from this.

Am I overreacting? What am I missing here?

  👤 ssklash Accepted Answer ✓
Pentester here. Absolutely something I would look at and abuse. You're disclosing information, allowing the harvesting of valid email addresses, and allowing access to an account. even if only in a limited capacity for email management, based on only the email. There's no reason to do it this way.

See here: https://portswigger.net/web-security/access-control/idor