Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 3081 | Accidental Observation to Critical IDOR | IDOR | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-10-24 | 2023-06-13 |
| 3080 | My first bug on Google | IDOR | Google | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2020-10-25 | 2023-06-13 |
| 3075 | The YouTube bug that allowed unlisted uploads to any channel | IDOR, Information disclosure | Google | Ryan Kovatch | Bug Bounty | 2020-10-27 | 2023-06-13 |
| 3049 | How i could take over any Account on a USA Department of Defense Website due to a simple IDOR | IDOR, Account takeover | U.S. Dept Of Defense | Gal Nagli (@naglinagli) | Bug Bounty | 2020-11-07 | 2023-06-13 |
| 3045 | Chaining password reset link poisoning, IDOR, and information leakage to achieve account takeover at api.redacted.com | HTTP header injection | NA | Jadek Mark (@mase289) | Bug Bounty | 2020-11-10 | 2023-06-13 |
| 3032 | Theoretically Possible To Practical Account Takeover | IDOR, Account takeover | NA | Mukul Lohar (@ironfisto) | Bug Bounty | 2020-11-14 | 2023-06-13 |
| 3028 | Weak Cryptography to Account Takeover’s | Cryptographic issues, Account takeover, IDOR | NA | letmeslidein (@VasuYadaav) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3026 | Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data | Information disclosure, Broken access control, IDOR, SQL injection | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 3017 | GraphQL IDOR in Facebook streamer dashboard. | IDOR, GraphQL | Meta / Facebook | Kailash (@Corrupted_brain) | Bug Bounty | 2020-11-18 | 2023-06-13 |
| 2956 | Worth $1,500 IDOR (Access Unauthorize Data) | IDOR | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2020-12-20 | 2023-06-13 |
| 2940 | Sensitive data leak using IDOR in integration service | IDOR | NA | Ronak Patel (@ronak_9889) | Bug Bounty | 2020-12-29 | 2023-06-13 |
| 2932 | API based IDOR to leaking Private IP address of 6000 businesses | IDOR | NA | Rafi Ahamed (Leonidas D. Ace) | Bug Bounty | 2021-01-01 | 2023-06-13 |
| 2913 | Create post on any Facebook page | IDOR | Meta / Facebook | Pouya Darabi (@Pouyadarabi) | Bug Bounty | 2021-01-08 | 2023-06-13 |
| 2907 | Stealing Your Private YouTube Videos, One Frame at a Time | IDOR | Google | David Schütz (@xdavidhu) | Bug Bounty | 2021-01-11 | 2023-06-13 |
| 2904 | CSRF with IDOR - A Deadly Combo | CSRF, IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-01-12 | 2023-06-13 |
| 2889 | My first and last crit of 2020 on Hackerone | Lack of rate limiting, Bruteforce, IDOR, Password reset, Account takeover | NA | Takester (@dhiraj_ramteke) | Bug Bounty | 2021-01-16 | 2023-06-13 |
| 2881 | [Bug Bounty] 600$ Info Disclosure: obtain any user’s backup data | Information disclosure, IDOR | NA | Tommaso De Ponti | Bug Bounty | 2021-01-19 | 2023-06-13 |
| 2870 | IDOR Revealing Images CDN Links | IDOR | NA | susan wagle | Bug Bounty | 2021-01-25 | 2023-06-13 |
| 2862 | Bragging Rights(Part 1): Short story of a bug wave | IDOR, Stored XSS, SSRF, Subdomain takeover, Hardcoded credentials | NA | Manas Harsh (@ManasH4rsh) | Bug Bounty | 2021-01-27 | 2023-06-13 |
| 2853 | Broken Access Control & Stored XSS - Easy Hunt | Stored XSS, IDOR | NA | Kabeer (@iTheKabeer) | Bug Bounty | 2021-01-29 | 2023-06-13 |
| 2850 | An Interesting Account Takeover Vulnerability | IDOR, Account takeover | NA | Avanish Pathak (@avanish46) | Bug Bounty | 2021-01-30 | 2023-06-13 |
| 2846 | Access developer tasks list of any Facebook Application (GraphQL IDOR) | IDOR | Meta / Facebook | Amine Aboud (@amineaboud) | Bug Bounty | 2021-02-01 | 2023-06-13 |
| 2811 | Changing other users Episode title & description - IDOR Vulnerability in [REDACTED] (Write Up) | IDOR | NA | Evan Ricafort (@evanricafort) | Bug Bounty | 2021-02-13 | 2023-06-13 |
| 2810 | How I Hacked Everyone’s Resume/CV’s and Got €€€ | IDOR, Authorization flaw, Information disclosure | NA | Vishal Bharad | Bug Bounty | 2021-02-14 | 2023-06-13 |
| 2809 | IDOR via Websockets allow me to takeover any users account | IDOR | NA | Mohsin Khan (@tabaahi_) | Bug Bounty | 2021-02-14 | 2023-06-13 |