Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2203 | A fever Worth 750$- [Accessing Private Projects ] | IDOR, Information disclosure | Mozilla | Shakti Mohanty (@3ncryptSaan) | Bug Bounty | 2021-09-22 | 2023-06-13 |
| 2135 | Unauthorized access to any Facebook user’s draft profile picture frames | IDOR | Meta / Facebook | Sandeep Hodkasia (@sandeephodkasia) | Bug Bounty | 2021-10-22 | 2023-06-13 |
| 2125 | A 7500$ Google sites IDOR | IDOR | Google | Jalal (@r0ckin_) | Bug Bounty | 2021-10-24 | 2023-06-13 |
| 2118 | Unauthorized access to any user’s account. | IDOR, Authentication bypass, Account takeover | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2108 | Never Give Up — Story of Hacking Dutch Government and Earning that Dutch Swag. | IDOR | Dutch Government | BabaBounty (@Rohan96867358) | Bug Bounty | 2021-10-31 | 2023-06-13 |
| 2103 | HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from waybackurls | IDOR | DigitalOcean | Anurag__Verma | Bug Bounty | 2021-11-04 | 2023-06-13 |
| 2099 | 4 Crits in 48 hours: Unicorn Programs | Privilege escalation, Information disclosure, IDOR | NA | Monke (@pmofcats) | Bug Bounty | 2021-11-06 | 2023-06-13 |
| 2094 | Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over | IDOR | Google | Cam (@secretlyhidden1) | Bug Bounty | 2021-11-09 | 2023-06-13 |
| 2086 | From URL dumps digging to IDOR , BAC, Massive Phishing in Udemy | Broken Access Control, Information disclosure, IDOR, HTML injection | Udemy | Mostafa Mamdoh | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2085 | chaining improper authentication to idor and no rate limit for mass account takeover | Account takeover, Lack of rate limiting, CSRF, IDOR | NA | mohit (@mohit29295572) | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2083 | Privilege Escalation, worth of €300 | Broken Access Control, IDOR, Privilege escalation | NA | Hemant Kumar | Bug Bounty | 2021-11-12 | 2023-06-13 |
| 2023 | This is how i was able to See and Delete your Private Facebook Portal photos | IDOR | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-12-04 | 2023-06-13 |
| 2022 | Accidental IDOR in eLearnSecurity to Knowing Your Address and Cert You Bought. | IDOR | INE | Anugrah SR (@cyph3r_asr) | Bug Bounty | 2021-12-05 | 2023-06-13 |
| 2018 | How I was able to change Reddit acquired Dubsmash's music library sound tracks' titles | IDOR | Reddit | Sandeep Hodkasia (@sandeephodkasia) | Bug Bounty | 2021-12-07 | 2023-06-13 |
| 1995 | Gumtree – leaking your data and not really listening | IDOR | Gumtree | Alan Monie (@AlanMonie) | Bug Bounty | 2021-12-15 | 2023-06-13 |
| 1993 | Broken Access Control | IDOR | Microsoft | Meareg | Bug Bounty | 2021-12-16 | 2023-06-13 |
| 1987 | How I was able to reveal page admin of almost any page on Facebook | IDOR | Meta / Facebook | Sudip Shah | Bug Bounty | 2021-12-20 | 2023-06-13 |
| 1973 | Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)😲 | Authentication bypass, IDOR, Lack of rate limiting | NA | Anurag__Verma | Bug Bounty | 2021-12-25 | 2023-06-13 |
| 1955 | Bug Hunting Journey of 2021 | Stored XSS, Open redirect, Token leak, CSRF, Logic flaw, Information disclosure, IDOR, Account takeover | NA | Sudhanshu Rajbhar (@sudhanshur705) | Bug Bounty | 2021-12-31 | 2023-06-13 |
| 1951 | A tale of zero click account takeover | Account takeover, IDOR | NA | Veshraj Ghimire (@GhimireVeshraj) | Bug Bounty | 2022-01-01 | 2023-06-13 |
| 1946 | IDOR leads to leak Private Details | IDOR | NA | annonymous | Bug Bounty | 2022-01-03 | 2023-06-13 |
| 1941 | thisclosed_#1 - Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality | IDOR, Password reset, Account takeover | NA | Samuele Gugliotta (@indevi0us) | Bug Bounty | 2022-01-04 | 2023-06-13 |
| 1937 | How I was able to spoof any Instagram username on Instagram shop | IDOR | Meta / Facebook | Nawaf Alkhaldi (@nvmeeet) | Bug Bounty | 2022-01-06 | 2023-06-13 |
| 1920 | XSS Filter Evasion + IDOR | XSS, IDOR | NA | JM Sanchez / 0xEchidonut (@jmrcsnchz) | Bug Bounty | 2022-01-13 | 2023-06-13 |
| 1864 | IDOR vulnerability on invoice and weak password reset leads to account take over | IDOR, Password reset, Account takeover, Payment tampering, Logic flaw | NA | Damaidec | Bug Bounty | 2022-02-01 | 2023-06-13 |