eLearnSecurity Blog

Tag: insecure direct object reference

Web Vulnerability Discovered in Hilton Hotel Site

A security flaw was discovered in the Hilton.com website that allowed an attacker to gain access to a client’s account simply by knowing or guessing the account number. Security firm Bansec found the flaw on the Hilton HHonors page: an attacker could hijack any other account just by changing the site’s HTML content to reflect the other account number and then reloading the page.
