Write-ups

Check The Published Writeups

Reset
WDBTitleTagsProgramsAuthorsTypePublicationAdded
2802Full account takeover worth $1000 Think out of the box Account takeover CSRF IDOR NA Mohsin Khan (@tabaahi_) Bug Bounty2021-02-152023-06-13
2794Story of a very lethal IDOR. XSS IDOR Account takeover NA Vedant Tekale (@_justYnot) Bug Bounty2021-02-172023-06-13
2764IDOR which allowed me to view Personal Email Addresses of More than 50K Users! IDOR Password reset NA Savir Suda (@savxiety) Bug Bounty2021-02-262023-06-13
2748Exploiting CORS to perform an IDOR Attack leading to PII Information Disclosure CORS misconfiguration Information disclosure NA Harsh Parekh (@notmarshmllow) Bug Bounty2021-03-012023-06-13
2719IDOR Vulenebility with empty response still exposing sensitive details of customers! IDOR NA Rahul Varale Bug Bounty2021-03-142023-06-13
2714An Interesting Account Takeover!! IDOR Account takeover Weak encryption Password reset NA Mayank Pandey (@mayank_pandey01) Bug Bounty2021-03-172023-06-13
2697How I made it to Google HOF? IDOR Google Sudhanshu Rajbhar (@sudhanshur705) Bug Bounty2021-03-212023-06-13
2690How I was able to see likes and dislikes count even though is hidden by victim | YouTube #2 Broken Access Control IDOR Google R ando (@Rando02355205) Bug Bounty2021-03-262023-06-13
2687How I was able to see likes and dislikes count even though is hidden by victim | YouTube #1 Broken Access Control IDOR Google R ando (@Rando02355205) Bug Bounty2021-03-282023-06-13
2682I felt like there were no more bugs left after winning € 2000 … But an email worth €750 changed my mind Broken Access Control IDOR NA Thexssrat (@theXSSrat) Bug Bounty2021-03-312023-06-13
2671Bragging Rights: Let’s head back to bug bucket XSS IDOR MFA bypass NA Manas Harsh (@ManasH4rsh) Bug Bounty2021-04-022023-06-13
2637(POC) Update business fyi message as Facebook page analyst IDOR GraphQL Meta / Facebook Ahmad Talahmeh Bug Bounty2021-04-172023-06-13
2632Misconfiguration in Change-password Functionality Leads to Account Takeover IDOR Logic flaw Password reset Account takeover NA Mahmoud Radwan (@0x___2m) Bug Bounty2021-04-182023-06-13
2625IDOR leads to leaked the likes count even though is hidden by victim | YouTube ($XXXX) IDOR Logic flaw Google R ando (@Rando02355205) Bug Bounty2021-04-202023-06-13
2585IDOR Leads To Leak Any Uber Eats Restaurant Analytics IDOR Uber Prial Islam Khan (@prial261) Bug Bounty2021-05-022023-06-13
2571Workplace by Facebook | Unauthorized access to companies environment — $27,5k Authorization flaw Logic flaw IDOR Meta / Facebook Marcos Ferreira (@mvinni_) Bug Bounty2021-05-072023-06-13
2532Finding and Exploiting Unintended Functionality in Main Web App APIs IDOR Information disclosure Privilege escalation NA Bend Theory (@bendtheory) Bug Bounty2021-05-212023-06-13
2530Disclose leads form details of any Facebook Business Account or Facebook Page (Bug Bounty) IDOR GraphQL Meta / Facebook Amine Aboud (@amineaboud) Bug Bounty2021-05-232023-06-13
2492Unexpected IDOR Vulnerability in [REDACTED] - [redacted].net (Write Up) IDOR NA Evan Ricafort (@evanricafort) Bug Bounty2021-06-102023-06-13
2478This is how I was able to see Private, Archived Posts/Stories of users on Instagram without following them IDOR GraphQL NA Mayur Fartade (@mayurfartade) Bug Bounty2021-06-152023-06-13
2447Some ways to find more IDOR IDOR NA Thái Vũ (@thaivd98) Bug Bounty2021-06-262023-06-13
2435Testing Cookies worth $500 Account takeover IDOR NA Sankalpa Acharya (@sankalpa_02) Bug Bounty2021-06-302023-06-13
2433View Other User Private Livestream Data IDOR Meta / Facebook Geva (@Geva_7) Bug Bounty2021-07-032023-06-13
2426IDOR on clientauthconfig.googleapis.com IDOR Google David Schütz (@xdavidhu) Bug Bounty2021-07-082023-06-13
2401Facebook Vulnerability: $1500 for Removing Document Cover Authorization flaw IDOR Meta / Facebook Muhammad Sholikhin (@MuhammadLikhin) Bug Bounty2021-07-182023-06-13