2️⃣IDOR (Indirect Object Reference)

---

Chaining IDOR and Host Header can takeover 18 Million of users accountMedium

($$$$) Critical IDOR Vulnerability Leads to User Information DisclosureMedium

IDOR at Election Commission WebsiteMedium

Acronis disclosed on HackerOne: IDOR vulnerability (Price...HackerOne

GitLab disclosed on HackerOne: Add and Access to Labels of any...HackerOne

Automattic disclosed on HackerOne: IDOR leads to Edit Anyone's...HackerOne

Reddit disclosed on HackerOne: IDOR allows an attacker to modify...HackerOne

HackerOne disclosed on HackerOne: IDOR - Delete all Licenses and...HackerOne

HackerOne disclosed on HackerOne: Insecure Direct Object Reference...HackerOne

https://bepractical.tech/blogs/all-about-idor/bepractical.tech

How I (Ethically) Hacked My College Portal with a JWT Token — and Reported It ResponsiblyMedium