$3133.70 Google Dialogflow IDOR Vulnerability


Hey, amazing hackers, I am Raidh here. Hope you all are doing well.

I am back again with my 2nd write-up, on a Dialogflow IDOR vulnerability which was interesting to find. So, without wasting any time, let's begin the read.

If you haven’t read the previous write-up, then please check it out.

The Finding

After finding the previous vulnerability I didn’t give up. So, I started searching for more bugs, and I understood that the app is more vulnerable to broken access issues.

Dialogflow has 2 different versions of the application: Dialogflow Essentials and Dialogflow CX. Actually, Dialogflow CX is an upgraded version of Essentials with lots of features. So, I started searching for broken access control issues.

I always test IDOR manually because using automated tools won’t make any sense for changing methods, adding custom headers and more.

While testing the application, I saw an interesting option called Test Cases.

But the Test Cases were empty, and I tried to import them but it didn’t work! 🙁

So, I started searching about the feature but I got nothing. So finally, I decided to read
