Security Finding @Binance Square Official @Daniel Zou (DZ) 🔶

Discovered potential IDOR/information disclosure in Binance Creatorpad leaderboards.

URL pattern:

/creatorpad/{project}global/leaderboard

Simply changing {project} (dusk→xpl→vanar etc.) reveals different project leaderboards without access control checks.

🔓 Risk: Unauthorized access, project enumeration, early data exposure.

#Cybersecurity #BinanceSecurity #WebSecurity #IDOR