Tag: bola

All the articles with the tag "bola".

• Broken Object Level Authorization: Accessing Private Wishlists

  kOaDT

  31 Jan, 2026

  Exploiting a Broken Object Level Authorization vulnerability in OopsSec Store's wishlist feature to access other users' private wishlists and retrieve sensitive internal data.