Settings

Theme

I hacked India's GST portal–11.8M taxpayers exposed; enabling stock manipulation

aseem-shrey.medium.com

6 points by LuD1161 10 months ago · 1 comment

Reader

LuD1161OP 10 months ago

I found an Insecure Direct Object Reference(IDOR0 security issue that led to leaking GST challans (receipts) of all the 11.8M registered taxpayers. Here's the full story alongwith a video PoC.

Note: No personal data was ever shared or harvested. This was responsibly disclosed to the authorities through proper channels and only after the disclosure timeline (120 days) was it published in the online media.

Keyboard Shortcuts

j
Next item
k
Previous item
o / Enter
Open selected item
?
Show this help
Esc
Close modal / clear selection