Drvirus1911

Authorization Flaws Writeups

May 17th, 2020
  1. https://blog.detectify.com/2019/01/29/hacking-isnt-an-exact-science/
  2. https://blog.securitybreached.org/2020/01/22/user-account-takeover-via-signup-feature-bug-bounty-poc/
  3. https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
  4. https://blog.usejournal.com/sql-injection-via-stopping-the-redirection-to-a-login-page-52b0792d5592
  5. https://fellchase.blogspot.com/2019/12/authorization-bug-that-every-bug-hunter-missed-on-a-popular-program.html
  6. https://geleta.eu/2020/a-tale-of-verbose-error-message-and-jwt-token/
  7. https://medium.com/@Asm0d3us/facebook-bug-sending-messages-as-a-page-with-jobmanager-permission-763dc0d8e32c
  8. https://medium.com/@aayushpokhrel/how-i-made-my-first-from-finding-a-bug-in-facebook-da3b11e550f0
  9. https://medium.com/@baibhavanandjha/sending-message-as-page-being-an-analyst-advertiser-eb0317376f43
  10. https://medium.com/@bhaveshthakur2015/complete-information-disclosure-using-broken-access-control-269368af7043
  11. https://medium.com/@dekeeu/reposted-2019-hacking-youtube-for-fun-and-profit-8685dd475e30
  12. https://medium.com/@evan.connelly/hunting-tesla-model-y-secrets-in-the-parts-catalog-2f453f853dd8
  13. https://medium.com/@godofdarkness.msf/tumblr-bug-bounty-200-2051ba54e981
  14. https://medium.com/@hariharan21/restriction-is-not-a-promise-privilege-escalation-on-google-2a35104ded5a
  15. https://medium.com/@hazzaazi31/a-malicious-editor-of-a-page-can-support-to-a-community-action-which-cant-be-unsupported-by-the-f568c3762042
  16. https://medium.com/@johnssimon_6607/getting-access-to-disabled-hidden-features-with-the-help-of-burp-match-and-replace-e1d7b70d131e
  17. https://medium.com/@np20121996/how-was-i-able-to-find-privilege-escalation-b13366b97706
  18. https://medium.com/@raushanraj_65039/adding-a-malicious-notebook-to-be-treated-like-a-trusted-notebook-in-google-colab-1337-b84353a9f77
  19. https://medium.com/@rohitcoder/bypassing-fix-of-domain-blocking-feature-in-business-manager-41949a18460c
  20. https://medium.com/@rohitcoder/private-dashboards-were-accessible-by-other-admins-in-analytics-dashboard-558010a379ab
  21. https://medium.com/@rohitcoder/whitehat-test-accounts-can-act-as-hidden-admin-with-business-manager-ad-accounts-ce75ead5ffff
  22. https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44
  23. https://medium.com/@satboy.fb/a-short-tale-of-account-verification-bypass-22045b38a8b1
  24. https://medium.com/@sushiwushi2/hijacking-shared-report-links-in-google-data-studio-75eab320c391
  25. https://medium.com/@tarekmohamed_20773/add-new-user-with-admin-permission-and-takeover-the-organization-6318ee10154a
  26. https://medium.com/@timpaxerror/page-admin-disclosure-via-an-upgraded-page-post-57863fb02c50
  27. https://medium.com/bugbountywriteup/account-hijack-using-authorization-bypass-which-made-me-richer-by-ba9dace72682
  28. https://medium.com/bugbountywriteup/bug-bounty-broken-api-authorization-d30c940ccb42
  29. https://medium.com/bugbountywriteup/bypassing-the-fix-of-my-previous-instagram-bug-49ece4ea7e1d
  30. https://medium.com/bugbountywriteup/dank-writeup-on-broken-access-control-on-an-indian-startup-d29132a1ecd
  31. https://medium.com/bugbountywriteup/facebook-bug-bounty-reading-whatsapp-contacts-list-without-unlocking-the-device-a40e9c660a42
  32. https://medium.com/bugbountywriteup/how-i-found-a-simple-bug-in-facebook-without-any-test-3bc8cf5e2ca2
  33. https://medium.com/bugbountywriteup/page-admin-disclosure-facebook-bug-bounty-2019-ee9920e768eb
  34. https://medium.com/nassec-cybersecurity-writeups/bypassing-brand-collabs-manager-eligibility-7d26523da816
  35. https://noobe.io/articles/2020-01/how-i-found-bug-google-search-console
  36. https://pankajupadhyay.in/2020/05/01/ok-google-bypass-flag-secure/
  37. https://philippeharewood.com/add-users-to-roles-on-facebook-pages-without-an-invitation-consent/
  38. https://philippeharewood.com/create-living-room-polls-as-a-facebook-page-analyst/
  39. https://philippeharewood.com/generate-valid-signatures-for-fbcdn-urls/
  40. https://philippeharewood.com/get-page-inbox-notifications-for-any-facebook-page/
  41. https://philippeharewood.com/subscribe-to-the-list-of-requesters-to-join-a-facebook-live-video-using-mqtt/
  42. https://philippeharewood.com/subscribe-to-typing-notifications-for-any-instagram-user/
  43. https://philippeharewood.com/toggle-group-rules-agreement-as-a-non-member/
  44. https://philippeharewood.com/view-the-ranked-messenger-users-for-any-page/
  45. https://pwnsec.ninja/2019/06/28/facebook-bugbounty-short-story-on-page-admin-disclosure/
  46. https://pwnsec.ninja/2020/03/04/bug-bounty-catches-part-1/
  47. https://websecblog.com/vulns/leoexpress-personal-data/
  48. https://www.symbo1.com/articles/2019/01/11/fb-pageanalyst-could-add-oneself-as-moderator-on-group.html
  49. https://www.symbo1.com/articles/2019/01/25/fb-change-product-availability-as-pageanalyst.html
  50. https://ysamm.com/?p=281
  51. https://ysamm.com/?p=30
  52. https://ysamm.com/?p=314
  53. https://ysamm.com/?p=404
  54. https://ysamm.com/?p=50
  55. https://ysamm.com/?p=68