| 4510 | Privilege Escalation like a Boss |
IDOR |
NA |
Jay Jani (@JayJani007) |
Bug Bounty | 2018-10-27 | 2023-06-13 |
| 4505 | IDOR in JWT and the shortest token you will ever see {}.{“uid”: “1234567890”} |
IDOR |
NA |
Plenum (@plenumlab) |
Bug Bounty | 2018-10-30 | 2023-06-13 |
| 4493 | Duplicate but still cool |
IDOR
Account takeover |
NA |
Plenum (@plenumlab) |
Bug Bounty | 2018-11-05 | 2023-06-13 |
| 4489 | Vine User’s Private information disclosure |
IDOR
Information disclosure |
Vine |
Prial Islam Khan (@prial261) |
Bug Bounty | 2018-11-07 | 2023-06-13 |
| 4471 | HackenProof Customer Story: Uklon |
XSS
IDOR
Blind XSS
Account takeover |
Uklon |
HackenProof (@hackenproof) |
Bug Bounty | 2018-11-16 | 2023-06-13 |
| 4427 | Change Anyone’s profile picture-Exploiting IDOR |
IDOR |
NA |
Rupika Luhach (@Rup_Ki_Rani) |
Bug Bounty | 2018-12-09 | 2023-06-13 |
| 4424 | How I was able to generate Access Tokens for any Facebook user. |
IDOR
Information disclosure |
Meta / Facebook |
Youssef Sammouda (@samm0uda) |
Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4423 | How I could have stolen your photos from Google |
Parameter tampering
Authorization flaw
IDOR |
Google |
Gergő Turcsányi (@GergoTurcsanyi) |
Bug Bounty | 2018-12-11 | 2023-06-13 |
| 4390 | How I Was Able To Takeover All User Account And Admin Panel |
IDOR
Account takeover |
NA |
Dipak kumar Das (@d1pakdas) |
Bug Bounty | 2018-12-28 | 2023-06-13 |
| 4387 | How I was able to delete Google Gallery Data [IDOR] |
IDOR |
Google |
Yogesh Tantak |
Bug Bounty | 2018-12-30 | 2023-06-13 |
| 4382 | How I was able to Harvest other Vine users IP address |
IDOR |
Vine |
Prial Islam Khan (@prial261) |
Bug Bounty | 2019-01-02 | 2023-06-13 |
| 4380 | Yes I can see your OTP |
IDOR |
NA |
Vulnerables |
Bug Bounty | 2019-01-03 | 2023-06-13 |
| 4368 | Workplace Logo ID to workplace owner name Disclosure Facebook Bug Bounty |
IDOR |
Meta / Facebook |
Ajay Gautam (@evilboyajay) |
Bug Bounty | 2019-01-11 | 2023-06-13 |
| 4339 | AntiHack IDOR on Create Submission |
IDOR |
AntiHack.me |
Syahrul Akbar Rohmani (@sahruldotid) |
Bug Bounty | 2019-01-26 | 2023-06-13 |
| 4331 | Publish tweets by any other user |
IDOR |
Twitter |
Kedrisec (@kedrisec) |
Bug Bounty | 2019-01-30 | 2023-06-13 |
| 4326 | How I was able to Extract Information of Other Users- Exploiting IDOR |
IDOR |
Knowyourmeds.com |
Rupika Luhach (@Rup_Ki_Rani) |
Bug Bounty | 2019-02-02 | 2023-06-13 |
| 4309 | Hacking YouTube for #fun and #profit |
IDOR |
Google |
Alexandru Coltuneac (@dekeeu) |
Bug Bounty | 2019-02-12 | 2023-06-13 |
| 4307 | Disclose private attachments in Facebook Messenger Infrastructure - 15,000$ |
IDOR |
Meta / Facebook |
Sarmad Hassan (@JubaBaghdad) |
Bug Bounty | 2019-02-13 | 2023-06-13 |
| 4289 | Bug Writeup: FBCTF IDOR |
IDOR |
Meta / Facebook |
George Osterweil |
Bug Bounty | 2019-02-20 | 2023-06-13 |
| 4269 | Facebook exploit – Confirm website visitor identities |
Information disclosure
IDOR |
Meta / Facebook |
Tom Anthony (@TomAnthonySEO) |
Bug Bounty | 2019-03-04 | 2023-06-13 |
| 4260 | Inserting malware into anyone’s Google Earth Projects Archive |
IDOR
XSS
Authorization flaw |
Google |
Thomas Orlita (@ThomasOrlita) |
Bug Bounty | 2019-03-10 | 2023-06-13 |
| 4248 | How I was able to pwned 30000+ user’s webhook |
IDOR |
NA |
gujjuboy10x00 (@vis_hacker) |
Bug Bounty | 2019-03-14 | 2023-06-13 |
| 4246 | Disclosure of Pending Roles for any Facebook Page |
IDOR |
Meta / Facebook |
Avinash Kumar (@itsavinash_) |
Bug Bounty | 2019-03-16 | 2023-06-13 |
| 4232 | My very first bug: a dreaded dupe and then an IDOR jackpot! |
IDOR |
Yahoo! / Verizon Media |
John H4X00R (@JohnH4X00R) |
Bug Bounty | 2019-03-28 | 2023-06-13 |
| 4227 | EdM0d0 IDOR Vulnerabilities |
IDOR |
Edmodo |
Pratyush Anjan Sarangi |
Bug Bounty | 2019-04-01 | 2023-06-13 |
