Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 727 | [BAC/IDOR] How my father credit card help me to find this access control issue | IDOR, Lack of rate limiting | NA | Xcoder (Joy ahmed) (@xcoder074) | Bug Bounty | 2022-12-05 | 2023-06-13 |
| 711 | Scoring $$$ for a very simple bug : You don’t always need proxy tools | IDOR | NA | MRD7 (@_mrd7_) | Bug Bounty | 2022-12-10 | 2023-06-13 |
| 704 | How I became a millionaire in 3h \| Fintech Bug Bounty — Part 1 | IDOR, Lack of rate limiting, Logic flaw | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-12-12 | 2023-06-13 |
| 690 | Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes | SSO, IDOR, Missing authentication | HAwebsso.nl | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2022-12-14 | 2023-06-13 |
| 675 | [GraphQL IDOR] Leaking credit card information of 1000s of users | IDOR, GraphQL | NA | Vipul Sahu | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 666 | Zero Click To Account Takeover (IDOR + XSS) | IDOR, XSS, Account takeover | NA | Arman (@M7arm4n) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 665 | Delete any Video or Reel on Facebook (11,250$) | IDOR | Meta / Facebook | Bassem Bazzoun (@bassemmbazzoun) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 608 | Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval | IDOR, Authorization flaw | Meta / Facebook | Dzmitry Lukyanenka (@vulnano) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 604 | “2022: A Year of Fascinating Discoveries” | CSRF, SSRF, Blind XSS, Password reset, Hyperlink injection, IDOR, Weak credentials, AWS misconfiguration | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2023-01-09 | 2023-06-13 |
| 580 | How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services | SSRF, Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-01-17 | 2023-06-13 |
| 562 | Bypassing E2E encryption leads to multiple high vulnerabilities. | IDOR, SSRF | NA | Asem Eleraky (@melotover) | Bug Bounty | 2023-01-20 | 2023-06-13 |
| 526 | The 100+ Million Person Data Disclosure | IDOR | NA | Jason Haddix (@Jhaddix) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 525 | Discovered a Critical IDOR and Earned $900 for My First P1 Vulnerability! | IDOR | NA | Abhisek R (@abh1sek_r) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 524 | How I Found an Insecure Direct Object Reference in TikTok | IDOR | TikTok | mrhavit | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 517 | Mass Account takeover by bypassing 2 FA | MFA bypass, IDOR, Account takeover | NA | Zeeshan Mustafa (@by6153) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 513 | An IDOR vulnerability often hides many others | IDOR, GraphQL | NA | Allam Rachid (@blank_cold) | Bug Bounty | 2023-02-01 | 2023-06-13 |
| 505 | IDOR - Inside the Session Storage | IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 500 | Play with Google, Twitter, Apple, Dell | XSS, HTML injection, IDOR, Information disclosure | Google, Twitter, Apple, Dell | rezaduty (@rezaduty) | Bug Bounty | 2023-02-03 | 2023-06-13 |
| 464 | IDOR Leads to MASS Account Takeover | IDOR, Account takeover | NA | Yaseen Zubair | Bug Bounty | 2023-02-12 | 2023-06-13 |
| 434 | Found an URL in the android application source code which lead to an IDOR | Android, Information disclosure, IDOR | NA | Vengeance | Bug Bounty | 2023-02-18 | 2023-06-13 |
| 430 | Exposing 185M+ Indians’ Personal Information and much more | Broken Access Control, IDOR, Information disclosure | Aadhaar, CERT-In | Robin Justin (@_robinjustin_) | Bug Bounty | 2023-02-20 | 2023-06-13 |
| 412 | Insufficient GraphQL API vulnerability due to lack of validation of Authorization Bearer token | GraphQL, IDOR | NA | Int (@intlulz) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 395 | My P1 — Account Takeover | Account takeover, IDOR, Password reset | NA | Kullai (@Kullai12) | Bug Bounty | 2023-02-25 | 2023-06-13 |
| 368 | How a simple IDOR impacted the data of thousands of customers of an Indian automotive giant | Account takeover, Information disclosure, IDOR | NA | Kushal Jain | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 352 | JS file enumeration for bug bounty hunters | Information disclosure, IDOR | NA | Aadarsh Anand (@ScreamZoro) | Bug Bounty | 2023-03-04 | 2023-06-13 |