Security Research
Fitness Platform Analysis
180 API endpoints tested across 18 platforms. One critical IDOR vulnerability confirmed. 8,983 hosts exposed.
Hosts Exposed
8,983
via Momence IDOR
Countries
117
worldwide
Platforms Tested
18
180 endpoints total
Grade A
14
secure platforms
Grade F
1
Momence — IDOR
⚠ Critical: Momence IDOR Vulnerability
The endpoint
https://readonly-api.momence.com/host-plugins/host/{id}/host-schedule requires no authentication and returns full business data for any sequential ID. IDs 1–130,000 were enumerated, yielding 8,983 confirmed hosts across 117 countries. This is a textbook Insecure Direct Object Reference (IDOR) — any actor can harvest the entire customer database.
Grade Distribution
Top Countries (Momence Hosts)
Industry Breakdown
Endpoint Security Status
Security Ratings — 18 Platforms
Loading...
| Platform | Grade | Endpoints | Results | Auth Method | Notes |
|---|---|---|---|---|---|
| Loading... | |||||
Momence Host Database
Loading...
Loading 8,983 hosts...