How I was able to get account takeover via IDOR form JWT
Critical vulnerability on TP-Link service or how I got 0$
From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over
One Bug at a Time: I failed my quiz on purpose to get $1,000!
[Responsible Disclosure] How we could have deleted any Linkedin post
From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR
Let me Unmask my next 👻
Credit card statement disclosure vulnerability in Viseca's eXpense portal
How I chained multiple High-impact vulnerabilities to create a critical one.
CVE-2023–24625 / IDOR in Faveo Service Desk
Self XSS To Stored Through IDOR/
Accessing to Data Sources of any Facebook Business account via IDOR in GraphQL
IDOR on bitdefender.com
JS file enumeration for bug bounty hunters
How a simple IDOR impacted the data of thousands of customers of an Indian automotive giant
My P1 — Account Takeover
Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token
Exposing 185M+ Indians’ Personal Information and much more
Found an URL in the android application source code which lead to an IDOR
IDOR Leads to MASS Account Takeover
Play with Google, Twitter, Apple, Dell
IDOR - Inside the Session Storage
An IDOR vulnerability often hides many others
Mass Account takeover by bypassing 2 FA
Discovered a Critical IDOR and Earned $900 for My First P1 Vulnerability!