| 3822 | How I could delete Facebook Ask for Recommendations post’s place objects in comments |
IDOR |
Meta / Facebook |
Raja Sudhakar (@Rajasudhakar) |
Bug Bounty | 2019-11-20 | 2023-06-13 |
| 3815 | Stories Of IDOR-Part 2 |
IDOR |
NA |
Shivbihari Pandey (@ninja_pandit_) |
Bug Bounty | 2019-11-21 | 2023-06-13 |
| 3814 | IDOR via Websockets |
IDOR |
NA |
Shuaib Oladigbolu (@_sawzeeyy) |
Bug Bounty | 2019-11-23 | 2023-06-13 |
| 3799 | HTTP Request Smuggling + IDOR |
HTTP request smuggling
IDOR |
NA |
hipotermia (@_hipotermia_) |
Bug Bounty | 2019-12-05 | 2023-06-13 |
| 3776 | Inf0rM@tion Disclosure via IDOR |
IDOR |
NA |
Pratyush Anjan Sarangi |
Bug Bounty | 2019-12-16 | 2023-06-13 |
| 3763 | GraphQL IDOR leads to information disclosure |
IDOR |
NA |
Eshan Singh (@R0X4R) |
Bug Bounty | 2019-12-24 | 2023-06-13 |
| 3761 | Airbnb : Steal Earning of Airbnb hosts by Adding Bank Account/Payment Method (IDOR) |
IDOR |
Airbnb |
Vijay Kumar (@IndoAppSec) |
Bug Bounty | 2019-12-24 | 2023-06-13 |
| 3747 | Exploiting a Self Stored XSS with an IDOR |
Self-XSS
Stored XSS
IDOR |
NA |
Shuaib Oladigbolu (@_sawzeeyy) |
Bug Bounty | 2019-12-31 | 2023-06-13 |
| 3743 | Story of an IDOR via HTTP |
IDOR |
NA |
Shuaib Oladigbolu (@_sawzeeyy) |
Bug Bounty | 2019-12-31 | 2023-06-13 |
| 3711 | A Less Known Attack Vector, Second Order IDOR Attacks |
IDOR |
NA |
Ozgur Alp (@ozgur_bbh) |
Bug Bounty | 2020-01-22 | 2023-06-13 |
| 3706 | Accidental IDOR that Deleted Admin Account. |
IDOR |
NA |
Sayaan Alam (@ehsayaan) |
Bug Bounty | 2020-01-25 | 2023-06-13 |
| 3699 | Adding anyone including non-friend and blocked people as co-host in personal event! |
IDOR |
Meta / Facebook |
Binit Ghimire (@WHOISbinit) |
Bug Bounty | 2020-01-28 | 2023-06-13 |
| 3690 | Easily leaking passenger information on an Airline |
IDOR |
NA |
Zseano (@zseano) |
Bug Bounty | 2020-02-04 | 2023-06-13 |
| 3675 | IDOR leads to Data leakage and Profile Update |
IDOR
Bruteforce |
NA |
vict0ni (@vict0ni) |
Bug Bounty | 2020-02-07 | 2023-06-13 |
| 3669 | A Simple IDOR to Account Takeover |
IDOR
Account takeover |
NA |
Swapnil Maurya (@swapmaurya20) |
Bug Bounty | 2020-02-11 | 2023-06-13 |
| 3585 | Stealing Videos From VLC |
IDOR |
Internet Bug Bounty |
Dhiraj (@RandomDhiraj) |
Bug Bounty | 2020-03-26 | 2023-06-13 |
| 3554 | Listing all registered email addresses on Google’s Crisis Map thanks to IDOR and incremental IDs |
IDOR |
Google |
Thomas Orlita (@ThomasOrlita) |
Bug Bounty | 2020-04-07 | 2023-06-13 |
| 3552 | How i Unlocked the blocked accounts? |
Password reset
HTTP parameter pollution
IDOR |
NA |
Maria Zulfiqar |
Bug Bounty | 2020-04-11 | 2023-06-13 |
| 3541 | How was i able to find privilege escalation. |
IDOR
Authorization flaw |
NA |
Akshar Tank (@Akshar__tank) |
Bug Bounty | 2020-04-18 | 2023-06-13 |
| 3513 | Hacking Razer Pay Ewallet App |
IDOR |
Razer |
Richard Tan (@sambal0x) |
Bug Bounty | 2020-04-30 | 2023-06-13 |
| 3480 | Chained Bugs [ Account TakeOver ] |
IDOR
XSS
Account takeover |
NA |
Bilal Khan (@bilalmerokhel) |
Bug Bounty | 2020-05-16 | 2023-06-13 |
| 3477 | One Param => $10k |
IDOR
XSS
Account takeover |
NA |
Bilal Khan (@bilalmerokhel) |
Bug Bounty | 2020-05-17 | 2023-06-13 |
| 3472 | My first 10k bdt bounty from an e-commerce site |
IDOR |
NA |
Md Saikat |
Bug Bounty | 2020-05-18 | 2023-06-13 |
| 3459 | How Source code reading helped me find an IDOR |
IDOR
Information disclosure |
NA |
Sanjay Verdu (@codersanjay) |
Bug Bounty | 2020-05-22 | 2023-06-13 |
| 3456 | Chaining an IDOR with a business-logic error to achieve critical impact |
IDOR
Logic flaw |
NA |
Julien Cretel (@jub0bs) |
Bug Bounty | 2020-05-26 | 2023-06-13 |
