Biscuit's Bug Bounty Playbook
  • ๐Ÿ‘‹Introduction to Biscuit's Bug Bounty Playbook
  • Mains
    • ๐ŸงพResume For Cyber Security Freshie
    • ๐Ÿ“—Browser extension For Bug Bounty
    • ๐Ÿ“€POC Videos YT Channel
    • ๐Ÿ“บ55 YouTube Channels To Learn Hacking
    • ๐Ÿ‘€Hackers to Follow on Social Media
      • Twitter
      • Medium
      • YouTube
      • GitHub
      • Discord Server
      • Security GitBooks
    • ๐Ÿ…Learn The Basics
      • ๐ŸŽ–๏ธType Of Cyber Security
      • ๐ŸฅˆCommon Job Roles
      • ๐Ÿฅ‰Get Started With InfoSec
      • โš•๏ธBest Bug Bounty Platform
      • ๐Ÿ—ž๏ธBest InfoSec Writeups Website
      • ๐ŸชHacking Books
      • ๐Ÿฅ‚CLI Commands
      • ๐Ÿ’ฟLearn WSL
    • ๐Ÿ‘ฉโ€๐Ÿ’ปFun Programming Codes
    • ๐Ÿ”ฎBuild your own Bug Bounty Methodology
    • ๐ŸŽดBug Bounty Checklist
  • Learn Android Bug Bounty
    • ๐ŸŽฅVideo Tutorials
  • โค๏ธYouTube Channels
  • ๐Ÿ“ฐBug Bounty Reports
  • ๐Ÿ“šBlogs & Writeups
  • ๐ŸนGitHub Repository
  • ๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งConference Talks
  • ๐Ÿ–จ๏ธAutomated Scanners
  • โš™๏ธIntentionally Vulnerable Apps
  • ๐ŸŽฑLearn Drozer For Android Pentesting
  • ๐Ÿช€Learn Frida For Android Pentesting
  • ๐ŸˆBypassing Security Protections in APKs via Objection and Frida
  • ๐ŸชSecurity Tools For Android Pentesting
  • ๐ŸŽนCLI Commands & Shortcuts
  • Bug Bounty Reports & Articles
    • 0๏ธโƒฃIndex
    • 1๏ธโƒฃTakeover's (Accounts, Sub-domains, etc)
      • ๐ŸšกSub Domain Takeover
      • ๐Ÿš Account Takeover
      • ๐ŸšŸdependency confusion vulnerability
    • 2๏ธโƒฃIDOR (Indirect Object Reference)
    • 3๏ธโƒฃLeaks & Disclosure (PII, API Key, etc)
    • 4๏ธโƒฃOpen Redirects
    • 5๏ธโƒฃRequest Forgery (CSRF & SSRF)
      • ๐ŸŸขCSRF
      • ๐Ÿ”ดSSRF
    • 6๏ธโƒฃInjections (HTML, XSS, etc)
      • ๐ŸŸกXSS
      • ๐ŸŸ HTML Injection
      • โšซSQL Injection
      • ๐ŸŸฃCR/LF Injection
      • ๐ŸŸขSSTI
      • ๐Ÿ”ดHost Header Injection
      • ๐Ÿ”ตCSV Injection
    • 7๏ธโƒฃBroken Access Control & Broken Authentication
      • โš™๏ธFile Upload Functionality
      • โš™๏ธPassword Reset Functionality
      • โš™๏ธ2FA Functionality
      • โš™๏ธOauth Functionality
      • โš™๏ธBypassing
      • โš™๏ธMisconfiguration
      • โš™๏ธCaptcha Bypass
    • 8๏ธโƒฃWeb Socket
    • 9๏ธโƒฃMiscellaneous Reports
    • ๐ŸงปRole Management Issue
    • 0๏ธCloud
      • ๐ŸŒฉ๏ธAWS S3
    • 1๏ธLow Hanging Fruits
    • 2๏ธCache Vulnerabilities
    • 3๏ธDOS/DDOS
  • 4๏ธForced Browsing
  • Bug Bounty Platforms
    • ๐Ÿ›BugCrowd
    • ๐ŸžHackerOne
    • ๐ŸIntigriti
    • ๐ŸœOpen Bug Bounty
  • Exploiting Technologies
    • 0๏ธโƒฃIntroduction
    • 1๏ธโƒฃWordpress
    • 2๏ธโƒฃGraphQL API
    • 3๏ธโƒฃIDOR Vulnerability
Powered by GitBook
On this page
  1. Bug Bounty Reports & Articles

IDOR (Indirect Object Reference)

Previousdependency confusion vulnerabilityNextLeaks & Disclosure (PII, API Key, etc)

Last updated 11 months ago

2๏ธโƒฃ
Automattic disclosed on HackerOne: IDOR leads to Edit Anyone's...HackerOne
Logo
IDOR at Election Commission WebsiteMedium
GitLab disclosed on HackerOne: Add and Access to Labels of any...HackerOne
Logo
Chaining IDOR and Host Header can takeover 18 Million of users accountMedium
Reddit disclosed on HackerOne: IDOR allows an attacker to modify...HackerOne
Logo
Acronis disclosed on HackerOne: IDOR vulnerability (Price...HackerOne
Logo
Logo
Logo
HackerOne disclosed on HackerOne: IDOR - Delete all Licenses and...HackerOne
Logo
All about IDORBePractical Blogs
HackerOne disclosed on HackerOne: Insecure Direct Object Reference...HackerOne
Logo