Serious security flaw on COVID-19 relief fund website

ActivateD

Who releases a web application without doing a penetration test on it? From reading this article, it seems like an IDOR issue.
 

RonSwanson

> Who releases a web application without doing a penetration test on it? From reading this article, it seems like an IDOR issue.

Agreed that pentesting would have uncovered it, but it is such low-hanging fruit that it could have been discovered by an automated vulnerability scan.
 

FlashSA

June applications never opened so not sure where the writer got that from. We are all still waiting.

EDIT: OPEN NOW

EDIT2: Site is crashing

EDIT3: Site is working but they have removed the ability to apply for June
 

^^vampire^^

There's a 19-year-old with a weekend bootcamp coding certificate that is trying to fix the vulnerability they didn't cater for.
 