Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
1860My first bounty, IDOR + Self XSS [€3000] Self-XSS IDOR Intigriti Ladecruze (@ladecruze) Bug Bounty2022-02-022023-06-13
1843What I Found on Sony Vulnerability Disclosure Program Information disclosure Lack of rate limiting Open redirect IDOR XSS Sony Aditya Singh / rook1337 (@imrook1337) Bug Bounty2022-02-072023-06-13
1841Full Account takeover (ATO) — a tale of two bugs 🐛 IDOR Account takeover NA Kwadwo Amoako Bug Bounty2022-02-082023-06-13
1835Story of critical security flaws I found in Glints IDOR Information disclosure Glints huli (@aszx87410) Bug Bounty2022-02-092023-06-13
1834Oracle Server Side Request Forgery (SSRF) Metadata SSRF Oracle Lidor Ben Shitrit Bug Bounty2022-02-082023-06-13
1817Trim private live videos and access them (Meta bug bounty) IDOR Meta / Facebook abdellah yaala (@yaalaab) Bug Bounty2022-02-152023-06-13
1769IDOR in support.mozilla.org through Code Review IDOR Mozilla Brandon Roldan Bug Bounty2022-03-022023-06-13
17674300$ Instagram IDOR Bug (2022) IDOR Meta / Facebook Nawaf Alkhaldi (@nvmeeet) Bug Bounty2022-03-022023-06-13
1744I can see the dislikes count even though is hidden by YouTube | YouTube ($500) Broken Access Control IDOR NA R ando (@Rando02355205) Bug Bounty2022-03-122023-06-13
1716Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors IDOR Microsoft Meareg Bug Bounty2022-03-182023-06-13
1715Adobe bug bounty using IDOR, Confidential data leaks IDOR Adobe Debprasad Banerjee Bug Bounty2022-03-192023-06-13
1710($$$) Broken Authentication and IDOR at [REDACTED] IDOR NA Rizaldi Wahaz (@wah_haz) Bug Bounty2022-03-212023-06-13
1706Story about more than 3.5 million PII leakage in Yahoo!!! IDOR Information disclosure iOS Yahoo! / Verizon Media dhakal_bibek (@dhakal__bibek) Bug Bounty2022-03-222023-06-13
1695Broken Access Control - IDOR IDOR NA Nick Berrie (@machevalia) Bug Bounty2022-03-252023-06-13
1694Deleting account via support ticket IDOR Broken Access Control NA Bijan Murmu (@0xBijan) Bug Bounty2022-03-262023-06-13
1660CloudKit Share Records leak the title of private iCloud files IDOR Broken Access Control Apple David Schütz (@xdavidhu) Bug Bounty2022-04-052023-06-13
1659How I hacked one of the biggest airlines group of the world IDOR Account takeover NA Tarek Bouali (@iambouali) Bug Bounty2022-04-052023-06-13
1649Multiple vulnerability leading to account takeover in TikTok SMB subdomain. IDOR TikTok Ahmad A Abdulla (@lu3ky13) Bug Bounty2022-04-072023-06-13
1642The #100DaysOfHacking Challenge : A Game Changer for Me IDOR NA Najam Ul Saqib (@NjmUlSqb) Bug Bounty2022-04-102023-06-13
1634IDOR (Insecure Direct Object Reference) leads to listing all valid Users and edit their Profiles IDOR Drexel University Ahmed Hassan Bug Bounty2022-04-122023-06-13
1568P1 Bug — PII information disclosure Information disclosure IDOR NA Huntersherlock Bug Bounty2022-05-082023-06-13
1567How I Paid For My Holiday With Bug Bounty XSS Broken Access Control IDOR Unrestricted file upload NA Tobydavenn Bug Bounty2022-05-082023-06-13
1558Takeover seller accounts worth billions & millions IDOR Account takeover NA Bijan Murmu (@0xBijan) Bug Bounty2022-05-122023-06-13
1545A Tale of Confusing IDOR IDOR TikTok Avi (@_naaash_) Bug Bounty2022-05-182023-06-13
1541How I was able to access IBM internal documents Information disclosure IDOR IBM Mohamed Taha (@Mohamed12742780) Bug Bounty2022-05-192023-06-13