pratik yadav | Account Takeover: Unraveling IDOR + Stored XSS Flaws in an NFT Marketplace | Jun 26, 2023 | 8
Goutham A S | How do I find a Local File Inclusion? | If a website has a file download option especially, in the modern application we might have seen the report download option, and try to get… | Oct 25, 2022 | 2
Jefferson Gonzales | How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR | Good day to all Security Researchers and Bug Hunters again I'm Jefferson Gonzales and today I will share my writeup about my findings on… | Jul 31, 2021 | 1
In PenTester Nepal by dhakal_bibek | Access control worth $2000 (everyone missed this IDOR+Access control between two admins.) | Tribute to Binit Ghimire | Jun 28, 2022 | 1
Pratyush Anjan Sarangi | The Art of IDOR: 7 IDORs in Edm0d0 | Three duplicates and four rewards! | Sep 29, 2020 | 2
Yeasir Arafat | IDOR that calls me! | You can’t delete but I can (IDOR to Delete Admin Annonations by any user) | Hola everyone,,, This is Yeasir Arafat here and today’s write-up about IDOR that allows me to delete admin anonations without privileged. | Dec 17, 2017
Aneesha D (ohzo) | My first IDOR on hackerone | Hello all… Today, I will be sharing with you how I discovered an IDOR vulnerability on a government website. | Mar 3, 2023