## https://sploitus.com/exploit?id=WPEX-ID:C452C5DA-05A6-4A14-994D-E5049996D496
After a user has bought a ticket, the ticket download URL looks like this:

https://www.website.com/?download_ticket=1&order_key=1234567890&download_ticket_nonce=ab903b7c71

Due to missing validation, the URL can be shortened to https://www.website.com/?download_ticket=1&order_key=1234567890 and still works.

This allows an attacker to take the ID value from another purchase in the download_ticket parameter, iterate through the order_key parameter from 00000000 to 99999999, and steal tickets from other participants.
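
For site owners checking whether this has happened, the following added example (not part of the original advisory) scans web access logs for ticket downloads that omit download_ticket_nonce and for clients requesting many distinct order_key values. The combined log format, the constructed sample lines and the `max_keys` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?download_ticket=1&order_key=1234567890&download_ticket_nonce=ab903b7c71 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /?download_ticket=1&order_key=00000000 HTTP/1.1" 404 0
203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /?download_ticket=1&order_key=00000001 HTTP/1.1" 404 0
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?download_ticket=1&order_key=00000002 HTTP/1.1" 404 0
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?download_ticket=1&order_key=00000003 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /?download_ticket=1&order_key=00000004 HTTP/1.1" 404 0
192.0.2.44 - - [01/Jan/2024:10:05:00 +0000] "GET /?download_ticket=1&order_key=1234567890 HTTP/1.1" 200 5120
"""

# client address, request target, status code
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def analyze(log_text, max_keys=3):
    """Return {client: [reasons]} for suspicious ticket-download activity."""
    keys = defaultdict(set)      # client -> distinct order_key values requested
    no_nonce = defaultdict(int)  # client -> ticket requests lacking the nonce
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "download_ticket" not in query:
            continue
        keys[client].update(query.get("order_key", []))
        # An absent or empty nonce is the shortened URL form from the advisory.
        if not query.get("download_ticket_nonce", [""])[0]:
            no_nonce[client] += 1
    findings = {}
    for client, seen in keys.items():
        reasons = []
        if no_nonce[client]:
            reasons.append("missing_nonce")
        if len(seen) > max_keys:  # assumed threshold; tune per site
            reasons.append("order_key_enumeration")
        if reasons:
            findings[client] = reasons
    return findings

if __name__ == "__main__":
    for client, reasons in analyze(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

A single nonce-less request can be a buyer with a truncated link, so the enumeration finding is the stronger signal.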