- http://incidentsecurity.com/how-spending-our-saturday-hacking-earned-us-20k/
- https://appsecure.security/blog/how-i-could-have-hacked-your-uber-account
- https://blog.usejournal.com/a-less-known-attack-vector-second-order-idor-attacks-14468009781a
- https://daleys.space/writeup/0day/2019/09/09/verizon-leak.html
- https://evanricafort.blogspot.com/2019/08/read-other-user-support-tickets-in.html
- https://fadhilthomas.github.io/bug-bounty-tokopedia-01-en/
- https://footstep.ninja/posts/exploiting-self-xss/
- https://footstep.ninja/posts/idor-via-email/
- https://footstep.ninja/posts/idor-via-http/
- https://footstep.ninja/posts/idor-via-websockets/
- https://gauravnarwani.com/priv-esc-highest-admin/
- https://georgeosterweil.com/2019-02-20-fbctf-idor/
- https://gh0st.cn/archives/2019-10-01/1
- https://hailstorm1422.com/linkedin-blind-idor/
- https://medium.com/@R0X4R/graphql-idor-leads-to-information-disclosure-175eb560170d
- https://medium.com/@Vibhurushi_Chotaliya/idor-payment-fraud-99d330879c0d
- https://medium.com/@adeshkolte/full-account-takeover-changing-email-and-password-of-any-user-through-api-parameters-3d527ab27240
- https://medium.com/@avinash_/disclosure-of-pending-roles-for-any-facebook-page-ab6e4e219f8e
- https://medium.com/@hariharan21/idor-leads-to-project-takeover-548a1bfd4d66
- https://medium.com/@kedrisec/publish-tweets-by-any-other-user-6c9d892708e3
- https://medium.com/@masonhck357/chains-on-chains-chaining-several-idors-into-account-takeover-part-one-373627f2910f
- https://medium.com/@mdhridoy_4607/1st-bounty-story-rewarded-300-idor-bc4e1708e8e0
- https://medium.com/@mr_hacker/a-5000-idor-f4268fffcd2e
- https://medium.com/@noob.assassin/idor-in-one-plus-leads-to-leak-user-personal-info-e7e07729dc5
- https://medium.com/@np20121996/how-was-i-able-to-find-privilege-escalation-b13366b97706
- https://medium.com/@pratyush1337/edm0d0-idor-vulnerabilities-95ca8600ee1c
- https://medium.com/@pratyush1337/inf0rm-tion-disclosure-via-idor-20f1ba5aa508
- https://medium.com/@pratyush1337/inf0rm-tion-disclosure-via-idor-cff5541a9232
- https://medium.com/@princechaddha/account-takeover-on-airbnb-acquisition-an-unusual-bug-part-2-45fab11dc407
- https://medium.com/@protector47/password-reset-vulnerability-full-account-takeover-insecure-direct-object-reference-c4a9a3ea8268
- https://medium.com/@rajasudhakar/how-i-could-delete-facebook-ask-for-recommendations-posts-place-objects-in-comments-b7c9bcdf1c92
- https://medium.com/@rohan_x3/edmodo-idor-to-view-private-files-of-any-class-2280676c84b8
- https://medium.com/@rupika.luhach/how-i-was-able-to-extract-information-of-other-users-exploiting-idor-9f03aa72dd06
- https://medium.com/@saadahmedx/accidental-idor-8987a2728d4
- https://medium.com/@saadahmedx/idor-account-takeover-1ff5a2d03b8b
- https://medium.com/@sahruldotid/antihack-idor-on-create-submission-ddb3cf40c26b
- https://medium.com/@sakyb7/tale-of-account-takeover-sensitive-info-disclosure-broken-access-control-cea0a5e3a1fd
- https://medium.com/@swapmaurya20/a-simple-idor-to-account-takeover-88b8a1d2ec24
- https://medium.com/@vis_hacker/how-i-was-able-to-pwned-30000-users-webhook-d26dc3420703
- https://medium.com/@zseano/easily-leaking-passenger-information-on-an-airline-18f99b22cf95
- https://medium.com/a-bugz-life/the-bugs-are-out-there-hiding-in-plain-sight-12d056613ea3
- https://medium.com/bugbountywriteup/a-simple-bypass-of-registration-activation-that-lead-to-many-bug-a-story-about-how-my-friend-5df0889f1062
- https://medium.com/bugbountywriteup/accidental-idor-that-deleted-admin-account-d51264292b66
- https://medium.com/bugbountywriteup/account-takeover-using-idor-and-the-misleading-case-of-error-403-cb42c96ea310
- https://medium.com/bugbountywriteup/disclose-private-attachments-in-facebook-messenger-infrastructure-15-000-ae13602aa486
- https://medium.com/bugbountywriteup/how-i-gained-access-to-revenue-and-traffic-data-of-thousands-of-shopify-stores-b6fe360cc369
- https://medium.com/bugbountywriteup/how-i-unlocked-the-blocked-accounts-545e9b7d7be1
- https://medium.com/bugbountywriteup/stories-of-idor-4966369e6d82
- https://medium.com/bugbountywriteup/stories-of-idor-part-2-29d313a39e55
- https://medium.com/bugbountywriteup/vimeo-livestream-bug-bounty-writeup-13fd208b5f4f
- https://medium.com/h4x00r/my-very-first-bug-a-dreaded-dupe-and-then-an-idor-jackpot-d01b69f6fbae
- https://philippeharewood.com/download-arexport-files-for-any-public-ar-studio-effect/
- https://philippeharewood.com/removing-profile-pictures-for-any-facebook-user/
- https://vict0ni.me/changing-userID-leads-to-data-leak/
- https://websecblog.com/vulns/google-earth-studio-vulnerability/
- https://websecblog.com/vulns/listing-email-addresses-on-google-crisis-map/
- https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html
- https://www.amolbaikar.com/determine-users-with-detailed-role-model-on-behalf-of-any-facebook-application/
- https://www.amolbaikar.com/disclose-full-admin-list-of-any-facebook-applications/
- https://www.indoappsec.in/2019/12/airbnb-steal-earning-of-airbnb-hosts-by.html
- https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/
- https://www.rahulr.in/2019/10/idor-to-rce.html?m=1
- https://www.tomanthony.co.uk/blog/facebook-bug-confirm-user-identities/
- https://ysamm.com/?p=171
- https://ysamm.com/?p=240
- https://ysamm.com/?p=291
- https://ysamm.com/?p=314
- https://ysamm.com/?p=60