Digging JS files to find BUGs
A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125
I mean, IDOR is NOT only about others ID
Hey Google Lets submit bug from Victim Account !
Abusing URL Shortners for fun and profit
How a Simple IDOR Led Me to Delete Any Account
An interesting idor that allowed me to See all projects ($$$$ Bounty)
PII Disclosure of Apple Users ($10k)
Exposing Millions of Voter ID card users’ details.
We Hacked Larksuite For 1 month and Here is what we found
My First Apple Bug And My First Writeup
Access control worth $2000 (everyone missed this IDOR+Access control between two admins.)
Exploiting vulnerabilities in iOS Application
How I hacked one of the biggest Airline in the world
How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook
Account Takeover by Chaining Two IDORs
How I Get Bounty From Takeover Account
PayPal IDOR via billing Agreement Token (closed Informative, payment fraud)
How I was able to access IBM internal documents
A Tale of Confusing IDOR
Takeover seller accounts worth billions & millions
How I Paid For My Holiday With Bug Bounty
P1 Bug — PII information disclosure
IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their Profiles
The #100DaysOfHacking Challenge : A Game Changer for Me