Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5275 | How I found my way into Instagram's Ganglia, and a bug with Facebook likes. | Reflected XSS, IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2013-07-23 | 2023-06-13 |
| 5272 | Delete any Photo from Facebook by Exploiting Support Dashboard - $12,500 Bug | IDOR | Meta / Facebook | Arul Kumar (@ArulVaiyapuri) | Bug Bounty | 2013-09-01 | 2023-06-13 |
| 5242 | Popping a shell on the Oculus developer portal | SQL injection, CSRF, RCE, IDOR | Meta / Facebook | Bitquark (@bitquark) | Bug Bounty | 2014-08-31 | 2023-06-13 |
| 5226 | vimeo IDOR ( buying pro membership & ondemand videos for 0.1$ ) | IDOR | Vimeo | N B Sri Harsha (@nbsriharsha) | Bug Bounty | 2015-01-16 | 2023-06-13 |
| 5217 | [Responsible disclosure] How I could have hacked 62.5 million Zomato Users | IDOR | Zomato | Anand Prakash (@anandpraka_sh) | Bug Bounty | 2015-06-04 | 2023-06-13 |
| 5216 | The easiest bug bounties I have ever won | IDOR | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2015-07-13 | 2023-06-13 |
| 5201 | Leaking API keys in Bing Maps Portal | IDOR | Microsoft | Sai Krishna Kothapalli (@kmskrishna) | Bug Bounty | 2015-12-31 | 2023-06-13 |
| 5188 | How I Could Compromise 4% (Locked) Instagram Accounts | IDOR, DoS, Authorization flaw | Meta / Facebook | Arne Swinnen (@ArneSwinnen) | Bug Bounty | 2016-03-27 | 2023-06-13 |
| 5163 | Uber Hacking: How we found out who you are, where you are and where you went | Bruteforce, Information disclosure, Logic flaw, IDOR | Uber | Vitor “r0t” Oliveira (@r0t1v) | Bug Bounty | 2016-06-24 | 2023-06-13 |
| 5117 | IDOR in Facebook's Acquisition (Parse) | IDOR | Meta / Facebook | Venkatesh Sivakumar (@pranavvenkats) | Bug Bounty | 2016-12-11 | 2023-06-13 |
| 5112 | How I could have compromised any account on one of the biggest startup based in California | Account takeover, IDOR, Password reset | NA | Prateek Tiwari (@prateek_0490) | Bug Bounty | 2017-01-28 | 2023-06-13 |
| 5096 | One company: 262 bugs, 100% acceptance, 2.57 priority, millions of user details saved. | Stored XSS, Blind XSS, CSRF, Account takeover, IDOR | NA | Zseano (@zseano) | Bug Bounty | 2017-02-25 | 2023-06-13 |
| 5082 | Airbnb – Web to App Phone Notification IDOR to view Everyone’s Airbnb Messages | IDOR | Airbnb | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2017-03-31 | 2023-06-13 |
| 5056 | How I hacked 23.900.000 tumblr domains at once :) | IDOR | Automattic | Ak1T4 (@akita_zen) | Bug Bounty | 2017-06-19 | 2023-06-13 |
| 5039 | How a simple IDOR become a $4K User Impersonation vulnerability | IDOR | NA | Shahmeer Amir (@Shahmeer_Amir) | Bug Bounty | 2017-07-08 | 2023-06-13 |
| 5035 | Hey UserID x, what’s your secret token? Broken API enables me to leak/modify any users personal information | IDOR, Account takeover | NA | Zseano (@zseano) | Bug Bounty | 2017-07-13 | 2023-06-13 |
| 5032 | IDOR While Connecting Social Account in Hackster.io | IDOR | Hackster.io | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-07-18 | 2023-06-13 |
| 5007 | Insecure Direct Object Reference In Facebook Events | IDOR | Meta / Facebook | Armaan Pathan (@armaancrockroax) | Bug Bounty | 2017-08-11 | 2023-06-13 |
| 4997 | Improper Storage of Private Project’s Files | IDOR | NA | Arbaz Hussain (@ArbazKiraak) | Bug Bounty | 2017-08-30 | 2023-06-13 |
| 4996 | Developer Luminate IDOR | IDOR | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-08-30 | 2023-06-13 |
| 4989 | IDOR on HackerOne Hacker Review “What Program Say” | IDOR | HackerOne | Japz Divino (@japzdivino) | Bug Bounty | 2017-09-02 | 2023-06-13 |
| 4976 | All About Hackerone Private Program Terapeak | IDOR, Reflected XSS | Terapeak | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-20 | 2023-06-13 |
| 4972 | IDOR – Execute JavaScript into anyone account | IDOR, Stored XSS | Terapeak | Shubham Gupta (@hackerspider1) | Bug Bounty | 2017-09-21 | 2023-06-13 |
| 4965 | How I Was Able To View Private Tweets Of Any Private Twitter Account | IDOR | Twitter | Cj Legacion (@LegacionCj) | Bug Bounty | 2017-10-06 | 2023-06-13 |
| 4954 | Taking over every Ad on OLX (automated), an IDOR story | IDOR | OLX | Roderick Schaefer (@kciredor_) | Bug Bounty | 2017-10-18 | 2023-06-13 |