How I Found an Insecure Direct Object Reference in TikTok
The 100+ Million Person Data Disclosure
Bypassing E2E encryption leads to multiple high vulnerabilities.
“2022: A Year of Fascinating Discoveries”
Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval
Delete any Video or Reel on Facebook (11,250$)
Zero Click To Account Takeover (IDOR + XSS)
[GraphQL IDOR]Leaking credit card information of 1000s of users
Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes
How I became a millionaire in 3h | Fintech Bug Bounty — Part 1
IDOR allows to assign deleted tasks to other members in Google Chat Space
Scoring $$$ for a very simple bug : You don’t always need proxy tools
[BAC/IDOR] How my father credit card help me to find this access control issue
3 Step IDOR in HackerResume
Hacking on a plane: Leaking data of millions and taking over any account
The space creators can still see the members of the space, even after they have been removed from the space.
[Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application
A great weekend hack(worth $8k)
Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames
How I hacked into a government e-learning website
Able to Mass-change profile section leads to my first $BOUNTY$
Account Takeover Worth of $2500
The Story Of A Strange / Stored IDOR.
Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd
Some Tips to Finding IDORs more easily and Fixing them