Zomatoooo! IDOR in Saved Payments
How I got my first $13500 bounty through Parameter Polluting (HPP)
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel
Bypassing ACLs – IDOR exploitation via HPP
IDOR on HackerOne Embedded Submission Form
How I was able to discover ATO Via IDOR vulnerability
Taking over accounts in multiple ways
Using E-Notation to bypass Access Control restrictions to access arbitrary user PII-discussions
Bypassing an IDOR A couple of times — $$$$
$20,300 Bounties from a 200 Hour Hacking Challenge
We Hacked Google A.I. for $50,000
Account Takeover [It Looked Secure at First]
Add comment on a private Oculus Developer support
Break saved option for other users in facebook – From N/A to valid bug
Disclose latest stream video asset earnings for any gaming streamer page
Disclose private mockups for other users in facebook Creative Hub
Persistent Distorted Posts Issue and Unremovable Content in Facebook Group
Send messages through notification to facebook & workplace users without getting blocked
Sign up for Brand Collabs Manager on behalf of other page admins – Privilege Escalation
Chaining IDOR and Host Header can takeover 18 Billion of users account
How to Discover IDOR from a Blank Page — Bug Bounty Tuesday
Unauthorized Disclosure of Video Thumbnails in Facebook Workplace
Adding Descriptions to Instagram Posts on Behalf of Other Users
Disclose private attachments in Facebook Messenger Infrastructure