Biscuit's Bug Bounty Playbook
  • ๐Ÿ‘‹Introduction to Biscuit's Bug Bounty Playbook
  • Mains
    • ๐ŸงพResume For Cyber Security Freshie
    • ๐Ÿ“—Browser extension For Bug Bounty
    • ๐Ÿ“€POC Videos YT Channel
    • ๐Ÿ“บ55 YouTube Channels To Learn Hacking
    • ๐Ÿ‘€Hackers to Follow on Social Media
      • Twitter
      • Medium
      • YouTube
      • GitHub
      • Discord Server
      • Security GitBooks
    • ๐Ÿ…Learn The Basics
      • ๐ŸŽ–๏ธType Of Cyber Security
      • ๐ŸฅˆCommon Job Roles
      • ๐Ÿฅ‰Get Started With InfoSec
      • โš•๏ธBest Bug Bounty Platform
      • ๐Ÿ—ž๏ธBest InfoSec Writeups Website
      • ๐ŸชHacking Books
      • ๐Ÿฅ‚CLI Commands
      • ๐Ÿ’ฟLearn WSL
    • ๐Ÿ‘ฉโ€๐Ÿ’ปFun Programming Codes
    • ๐Ÿ”ฎBuild your own Bug Bounty Methodology
    • ๐ŸŽดBug Bounty Checklist
  • Learn Android Bug Bounty
    • ๐ŸŽฅVideo Tutorials
  • โค๏ธYouTube Channels
  • ๐Ÿ“ฐBug Bounty Reports
  • ๐Ÿ“šBlogs & Writeups
  • ๐ŸนGitHub Repository
  • ๐Ÿ‘จโ€๐Ÿ‘จโ€๐Ÿ‘งConference Talks
  • ๐Ÿ–จ๏ธAutomated Scanners
  • โš™๏ธIntentionally Vulnerable Apps
  • ๐ŸŽฑLearn Drozer For Android Pentesting
  • ๐Ÿช€Learn Frida For Android Pentesting
  • ๐ŸˆBypassing Security Protections in APKs via Objection and Frida
  • ๐ŸชSecurity Tools For Android Pentesting
  • ๐ŸŽนCLI Commands & Shortcuts
  • Bug Bounty Reports & Articles
    • 0๏ธโƒฃIndex
    • 1๏ธโƒฃTakeover's (Accounts, Sub-domains, etc)
      • ๐ŸšกSub Domain Takeover
      • ๐Ÿš Account Takeover
      • ๐ŸšŸdependency confusion vulnerability
    • 2๏ธโƒฃIDOR (Indirect Object Reference)
    • 3๏ธโƒฃLeaks & Disclosure (PII, API Key, etc)
    • 4๏ธโƒฃOpen Redirects
    • 5๏ธโƒฃRequest Forgery (CSRF & SSRF)
      • ๐ŸŸขCSRF
      • ๐Ÿ”ดSSRF
    • 6๏ธโƒฃInjections (HTML, XSS, etc)
      • ๐ŸŸกXSS
      • ๐ŸŸ HTML Injection
      • โšซSQL Injection
      • ๐ŸŸฃCR/LF Injection
      • ๐ŸŸขSSTI
      • ๐Ÿ”ดHost Header Injection
      • ๐Ÿ”ตCSV Injection
    • 7๏ธโƒฃBroken Access Control & Broken Authentication
      • โš™๏ธFile Upload Functionality
      • โš™๏ธPassword Reset Functionality
      • โš™๏ธ2FA Functionality
      • โš™๏ธOauth Functionality
      • โš™๏ธBypassing
      • โš™๏ธMisconfiguration
      • โš™๏ธCaptcha Bypass
    • 8๏ธโƒฃWeb Socket
    • 9๏ธโƒฃMiscellaneous Reports
    • ๐ŸงปRole Management Issue
    • 0๏ธCloud
      • ๐ŸŒฉ๏ธAWS S3
    • 1๏ธLow Hanging Fruits
    • 2๏ธCache Vulnerabilities
    • 3๏ธDOS/DDOS
  • 4๏ธForced Browsing
  • Bug Bounty Platforms
    • ๐Ÿ›BugCrowd
    • ๐ŸžHackerOne
    • ๐ŸIntigriti
    • ๐ŸœOpen Bug Bounty
  • Exploiting Technologies
    • 0๏ธโƒฃIntroduction
    • 1๏ธโƒฃWordpress
    • 2๏ธโƒฃGraphQL API
    • 3๏ธโƒฃIDOR Vulnerability
Powered by GitBook
On this page
  • GitHub Repositories
  • High Bounty Awards Reports on IDOR
  • Enumerating IDORs in All Possible Ways
  1. Exploiting Technologies

IDOR Vulnerability

PreviousGraphQL API

Last updated 11 months ago

Insecure Direct Object Reference (IDOR) is a vulnerability where an application exposes direct references to internal objects, like files or database entries, without proper access controls. This allows attackers to manipulate parameters and access unauthorized resources. IDOR can lead to unauthorized data access, modification, or deletion. Preventing IDOR requires implementing strong access control mechanisms, using indirect references, and validating user permissions for each request to ensure that only authorized users can access sensitive objects.

GitHub Repositories

Explore various vulnerability types and complete all reports. You may skip any report that you find easy.

High Bounty Awards Reports on IDOR

Covering some high bounty awards reports through Insecure Direct Object Reference (IDOR).

Enumerating IDORs in All Possible Ways

Learn how to enumerate IDORs in various ways.

3๏ธโƒฃ
HackerOne Reports
Awesome Bugbounty Writeups
Awesome Google VRP Writeups
HackerOneReports
Bug Bounty Reports Explained - IDOR Case 1
Bug Bounty Reports Explained - IDOR Case 2
Bug Bounty Reports Explained - IDOR Case 3
Enumerating IDORs - Video 1
Enumerating IDORs - Video 2
Enumerating IDORs - Video 3