-
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
Eaton -
Hacking into a Toyota/Eicher Motors insurance company by exploiting their premium calculator website
A vulnerable API on Toyota Tsusho Insurance Broker India’s premium calculator website exposed Microsoft corporate cloud credentials.
Eaton -
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.
Eaton -
Tapping into a telecommunications company’s office cameras
API flaw enabled livestreaming of a telecommunications company’s office cameras.
Eaton -
Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset API
A vulnerable password reset API made it possible to take over any account and gain admin-level access to the platform. In addition, broken/missing access controls made it possible to access all data on the platform.
Eaton
Subscribe to new posts
Get an email notification every time something new is published.