In InfoSec Write-ups, by Abhi Sharma: $1,700 IDOR: Unauthorized Modification of Web Hosting Configuration. Hi Everyone! I recently discovered an IDOR (Insecure Direct Object Reference) vulnerability in ExHub that allowed an attacker to modify the… Feb 142
In InfoSec Write-ups, by Abhi Sharma: 850$ IDOR: Unauthorized Session Revokation of any user. Sep 7, 2024
In InfoSec Write-ups, by Supun Halangoda (Suppa): Exploiting IDOR in a Support Portal Chatbot. Sometimes, I avoid testing support or help portals, assuming they might be hosted on third-party platforms like Jira or Zendesk, to save… Jan 151
Ahmed Hussein: How I Found My First Bug: Invitation Bypass Exploit. Hello guys! It’s Ahmed0x00 and today I will tell you how I found my first bug which was a little bit interesting, but first of all you must… Oct 13, 2024
Ahmed Hussein: How I found 4 IDORs in the same target. Hello guys, it’s me again! Today I will explain to you 4 IDORs I found in the same target and I’ll also tell you how I discovered them. Nov 23, 2024
Whitehat: My First $100 Bounty: Exploiting IDOR Vulnerability in Account Section. This bug has never been discovered by anyone before. Oct 21, 2024
Yeasir Arafat: IDOR that calls me! You can’t delete but I can (IDOR to Delete Admin Annonations by any user). Hola everyone, This is Yeasir Arafat here and today’s write-up about IDOR that allows me to delete admin anonations without privileged. Dec 17, 2017
Anas H Hmaidy: Hunting for Hidden API Endpoints Using Katana and Hakraler. Good day! Sep 9, 2024
imwaiting18: 2:00 AM IDOR leads to some Adrenaline rush. Read now for a cookie 🍪 Apr 27, 2024
Sahil Mehra: Chaining IDOR and Host Header can takeover 18 Million of users account. This blog article discusses a security flaw that was found in the password reset feature of redacted.com. The flaw unintentionally exposes… Feb 3, 2024
Ahmed Tarek: IDOR leads to Account Takeover of all users (ATO). Hello everyone, I’m Ahmed Tarek. Today I would like to share with you my second IDOR discovery in HackerOne’s program. This is my 1st… Apr 28, 2024
In InfoSec Write-ups, by Abhi Sharma: 1200$ IDOR Flaw: Allow Attacker To Approve Project Time Tracking. Nov 12, 2023
Tengku Arya Saputra: [IDOR] $400 — Deleting Other Project in Shopee. Hello everyone, introducing my name Tengku Arya Saputra (Follow my Linkedin) previously I discussed my discovery with a very critical… Aug 12, 2023
Omdubey: IDOR in 30 minutes. Hi, my name is Om Dubey and I am a Bug Hunter. Recently I found an IDOR Vulnerability in a Private program. Mar 31, 2023
Muhammad Iman: (IDOR) How do I find the first vulnerability with a $2500 bounty on hackerone. Aug 17, 2023
In InfoSec Write-ups, by rootxy4sh: Gone in a Click: IDOR Vulnerabilities in Image Upload Function. Greetings, fellow cybersecurity researchers! I’m Rootxyash, a passionate security researcher and an unwavering part-time bug bounty hunter… Aug 11, 2023
Rynexx: How I was able to comment from victims account through IDOR. Hello amazing hackers, Mar 19, 2023
Amin Nasiri: Some Tips to Finding IDORs more easily and Fixing them. This time I want to talk about IDOR blinkers which are the keys for finding IDORs faster and some tips for programmers who want to have a… Nov 8, 2022