Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1154 | IDOR at Login function leads to leak user’s PII data | IDOR, Information disclosure | NA | Eslam Akl (@eslam3kll) | Bug Bounty | 2022-08-30 | 2023-06-13 |
| 1138 | Viewing Instagram live streams anonymously without notifying the host | IDOR, Logic flaw, Privacy issue | Meta / Facebook | David Schütz (@xdavidhu) | Bug Bounty | 2022-09-02 | 2023-06-13 |
| 1135 | How I found my first SSRF to RCE! | IDOR, SSRF, RCE | NA | Md. Asif Hossain (@0x0asif) | Bug Bounty | 2022-09-04 | 2023-06-13 |
| 1129 | IDOR “Insecure direct object references”, my first P1 in Bugbounty | IDOR | NA | jedus0r | Bug Bounty | 2022-09-05 | 2023-06-13 |
| 1062 | Tag Myself in Your Favorite TikTok Artist Video [IDOR] | IDOR | TikTok | apapedulimu / Nosa Shandy (@LocalHost31337) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 1061 | 7,500$ – IDOR on Apple [consultants.apple.com] | IDOR | Apple | apapedulimu / Nosa Shandy (@LocalHost31337) | Bug Bounty | 2022-09-20 | 2023-06-13 |
| 988 | Insecure Comments | IDOR, Authorization flaw | Microsoft | Meareg | Bug Bounty | 2022-10-07 | 2023-06-13 |
| 975 | In GUID We Trust | IDOR, Password reset, Race condition, Account takeover | NA | Daniel Thatcher (@_danielthatcher) | Bug Bounty | 2022-10-11 | 2023-06-13 |
| 973 | Critical IDOR Vulnerability on Medium? | IDOR | NA | zer0d | Bug Bounty | 2022-10-12 | 2023-06-13 |
| 962 | Fall account takeover via Amazon Cognito misconfiguration | IDOR, Account takeover | NA | Hossam Ahmed (@iknowhatodo0x01) | Bug Bounty | 2022-10-13 | 2023-06-13 |
| 934 | FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer | CSTI, Stored XSS | Microsoft | Lidor Ben Shitrit | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 924 | Google VRP — [Insecure Direct Object Reference] $3133.70 | IDOR | Google | Caesar Evan Santoso | Bug Bounty | 2022-10-20 | 2023-06-13 |
| 923 | $1,000+ P1: PII Disclosure W/ IDOR | IDOR | NA | Graham Zemel (@grahamzemel) | Bug Bounty | 2022-10-21 | 2023-06-13 |
| 859 | IDOR on Unsubscribe emails to $200 bounty. | IDOR | NA | shbugger1 | Bug Bounty | 2022-11-06 | 2023-06-13 |
| 853 | Some Tips to Finding IDORs more easily and Fixing them | IDOR | NA | Xenon | Bug Bounty | 2022-11-08 | 2023-06-13 |
| 847 | Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd | IDOR | Google | Caesar Evan Santoso | Bug Bounty | 2022-11-10 | 2023-06-13 |
| 820 | The Story Of A Strange / Stored IDOR. | IDOR | NA | Hassan Farooq | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 819 | Account Takeover Worth of $2500 | Account takeover, IDOR | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2022-11-16 | 2023-06-13 |
| 778 | Able to Mass-change profile section leads to my first $BOUNTY$ | HTML injection, IDOR, CSRF | NA | SYRINE | Bug Bounty | 2022-11-25 | 2023-06-13 |
| 775 | How I hacked into a government e-learning website | IDOR, Account takeover | NA | iamgk808 (@iamgk808) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 772 | A great weekend hack(worth $8k) | SQL injection, IDOR, Stored XSS | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 771 | [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application | Android, Hardcoded credentials, IDOR | NA | Abdelhak Kharroubi | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 769 | Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames | IDOR, Broken Access Control, Android, IoT | Ourphoto | Nick M (@1oopho1e) | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 739 | Hacking on a plane: Leaking data of millions and taking over any account | IDOR | NA | rez0 (@rez0__) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 737 | 3 Step IDOR in HackerResume | IDOR | HackerResume | Swapnil Maurya (@swapmaurya20) | Bug Bounty | 2022-12-03 | 2023-06-13 |