Skip to content

Instantly share code, notes, and snippets.



An insecure, direct object reference vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.

Additionally, an insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.



  • 'Fish|Hunt FL' iOS application, used to manage Florida hunting and fishing licenses.