CloudKit Share Records leak the title of private iCloud files
CVE-2021-4119: [Bookstack] Email harvesting via SQL "LIKE" clause exploitation
View Friends List of any users using “View as” | Facebook Bug bounty
Deleting account via support ticket
Broken session control leads to access private videos using the shared link even after revoking the access for specific time!! — #GoogleVRP
Bug Bounty catches part -1
I can see the dislikes count even though is hidden by YouTube | YouTube ($500)
How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control)
A Case Study of API Vulnerabilities
How can I access the members-only video comment? | YouTube ($5,000)
How i found “Broken Access Control Through out-of-sync setup” and got $1000
120 Days of High Frequency Hunting
Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)
My first Google HOF
Privilege Escalation in Microsoft Teams
My write-up in hacking IBM’s administration panel and getting SQLi on it
Never leave this tip while you hunting Broken Access Control
From URL dumps digging to IDOR , BAC, Massive Phishing in Udemy
Privilege Escalation, worth of €300
Admin access !!
Broken Access control bug : Bypassing 403’s by finding another endpoint that do the same thing.
How I was able to see likes and dislikes count even though is hidden by victim | YouTube #3
How I hacked a Target again and again…
Auth Bypass in https://nearbydevices-pa.googleapis.com
DMCA.COM Hack, Full Disclosure (With Proof-of-Concept)