Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1535 | PayPal IDOR via billing Agreement Token (closed Informative, payment fraud) | IDOR | Paypal | Souhaib Naceri (@h4x0r_dz) | Bug Bounty | 2022-05-21 | 2023-06-13 |
| 1491 | Account Takeover by Chaining Two IDORs | IDOR, Account takeover | NA | Demon (@R29k_) | Bug Bounty | 2022-06-08 | 2023-06-13 |
| 1478 | How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook | IDOR | Meta / Facebook | Neeraj Sharma (@root_n33r4j) | Bug Bounty | 2022-06-12 | 2023-06-13 |
| 1450 | How I hacked one of the biggest Airline in the world | IDOR, Account takeover, Authorization flaw | NA | Dali Jandro (@Sazouki_) | Bug Bounty | 2022-06-18 | 2023-06-13 |
| 1442 | Exploiting vulnerabilities in iOS Application | IDOR, Bruteforce, Lack of rate limiting, Account takeover, iOS | NA | Raj Singh Chauhan (@raj_singh_ch) | Bug Bounty | 2022-06-22 | 2023-06-13 |
| 1420 | Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) | IDOR, Broken Access Control | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1413 | My First Apple Bug And My First Writeup | IDOR, Email verification bypass | Apple | Banavath Aravind (@nanicyb) | Bug Bounty | 2022-06-29 | 2023-06-13 |
| 1400 | We Hacked Larksuite For 1 month and Here is what we found | XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass | Lark Technologies | Snap Sec (@snap_sec) | Bug Bounty | 2022-07-04 | 2023-06-13 |
| 1398 | Exposing Millions of Voter ID card users’ details. | IDOR, OTP bypass, Account takeover, Logic flaw | CERT-In | Aziz Al Aman (@nxtexploit) | Bug Bounty | 2022-07-06 | 2023-06-13 |
| 1391 | PII Disclosure of Apple Users ($10k) | IDOR, Lack of rate limiting, Bruteforce, Information disclosure | Apple | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2022-07-07 | 2023-06-13 |
| 1386 | An interesting idor that allowed me to See all projects ($$$$ Bounty) | IDOR | NA | Abdelkader Mouaz (@hamzadzworm) | Bug Bounty | 2022-07-09 | 2023-06-13 |
| 1379 | How a Simple IDOR Led Me to Delete Any Account | IDOR, CSRF | NA | rajesh.r (@_rajesh_ranjan_) | Bug Bounty | 2022-07-12 | 2023-06-13 |
| 1367 | Abusing URL Shortners for fun and profit | Information disclosure, Account takeover, IDOR | NA | Sicksec (@OriginalSicksec) | Bug Bounty | 2022-07-14 | 2023-06-13 |
| 1362 | Exploiting Arbitrary Object Instantiations in PHP without Custom Classes | Lack of rate limiting, Privilege escalation, IDOR, Account takeover | NA | Muhammad Talha / evilmango | Bug Bounty | 2022-07-15 | 2023-06-13 |
| 1349 | Hey Google Lets submit bug from Victim Account ! | IDOR | Google | Prasanth Elangovan | Bug Bounty | 2022-07-18 | 2023-06-13 |
| 1332 | I mean, IDOR is NOT only about others ID | IDOR | NA | can1337 (@canmustdie) | Bug Bounty | 2022-07-22 | 2023-06-13 |
| 1323 | A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125 | IDOR | NA | Marcos IAF (@marcos_iaf) | Bug Bounty | 2022-07-24 | 2023-06-13 |
| 1315 | Digging JS files to find BUGs | IDOR, Information disclosure | NA | Adnan Malik (@adnanmalikinfo) | Bug Bounty | 2022-07-25 | 2023-06-13 |
| 1285 | Multiple bugs in one program leads to 1500€ | Privilege escalation, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-02 | 2023-06-13 |
| 1235 | Bypassing unexpected IDOR | IDOR, 40x bypass | NA | Bharatsingh | Bug Bounty | 2022-08-13 | 2023-06-13 |
| 1221 | Business Logic Vulnerability via IDOR | IDOR, Payment tampering | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-15 | 2023-06-13 |
| 1183 | Oracle SBC: Multiple Security Vulnerabilities Leading to Unauthorized Access and Denial of Service | IDOR, Path traversal, DoS | Oracle | Harold Zang | Bug Bounty | 2022-08-23 | 2023-06-13 |
| 1173 | Break the Logic: 5 Different Perspectives in Single Page (€1500) | Client-side enforcement of server-side security, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-26 | 2023-06-13 |
| 1167 | The Million Dollar IDOR | IDOR, Race condition, GraphQL | NA | Monish Basaniwal | Bug Bounty | 2022-08-27 | 2023-06-13 |
| 1165 | Unsubscribe any user’s e-mail notifications via IDOR | IDOR | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-08-28 | 2023-06-13 |