Last active February 18, 2016 15:33
I found a security breach in Intercom.io – by using only the app_id for initiating the application you can get all the conversations of every system which is using Intercom!

How: Basically you can get the app_id of every application using Intercom by just searching in their HTML, check which users are created in Intercom for that application_id, and initiate Intercom with this app_id and user_id. Eureka! You have all his conversations! This is what I call a huge problem!
Using this example integration of Intercom you can also change the details of every user: https://gdi2290.net/angular-intercom/example/
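
The report above comes down to the messenger trusting a client-supplied `user_id`. Intercom's identity verification setting addresses this by requiring a `user_hash`, an HMAC-SHA256 of the `user_id` keyed with a secret that only the integrating site's backend holds. The sketch below is an added example, not code from this gist or from Intercom; `APP_ID`, `IDENTITY_SECRET`, `bootSettings` and `acceptBoot` are hypothetical names with constructed values, and `acceptBoot` only models the vendor-side check.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed placeholder values, not real credentials.
const APP_ID = 'app_example123'; // public: anyone can read it from the page HTML
const IDENTITY_SECRET = 'constructed-secret-kept-on-the-server';

// Computed on the backend, only for the user authenticated in the current session.
function userHash(userId, secret = IDENTITY_SECRET) {
  return createHmac('sha256', secret).update(String(userId)).digest('hex');
}

// Settings the server renders into the page for the logged-in user.
function bootSettings(sessionUserId) {
  return {
    app_id: APP_ID,
    user_id: sessionUserId,
    user_hash: userHash(sessionUserId),
  };
}

// Model of the check performed when identity verification is enforced:
// a boot request is accepted only if user_hash matches the claimed user_id.
function acceptBoot(settings, secret = IDENTITY_SECRET) {
  if (settings.app_id !== APP_ID || typeof settings.user_hash !== 'string') {
    return false; // app_id + user_id alone is no longer enough
  }
  const expected = Buffer.from(userHash(settings.user_id, secret), 'hex');
  const given = Buffer.from(settings.user_hash, 'hex');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}
```

With enforcement on, a hash issued for one user cannot be replayed for another `user_id`, because the HMAC covers the identifier itself.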