Yay, I was awarded a $32,000 bounty on HackerOne! hackerone.com/ismailsenturk

Auth Bypass , SQLI , Idor , SSRF+RCE

#TogetherWeHitHarder

Attachment functionality has existed on HackerOne for years, But I still can not believe this IDOR bug has existed for years and no one found it before.

well done xklepxn
hackerone.com/reports/2442008
#BugBounty

😎 Always retest bugs marked as resolved.

#BugBounty #IDOR #Hacking

#CyCatz #cybersecurity IDOR lead to PII Disclosure

More... shorturl.at/hrFL7

#cyberawareness #cyberattack #breaches #databreaches #SurfaceWebMonitoring #mobilesecurity #emailsecurity #vendorriskmanagement #BrandMonitoring #security #information #bugbounty #idor

Fooo

IDOR + ATO Account Takeover via Reset Password

- a logged in area;
- intercept password change request;
- change username to another;
- if u have successfully changed user pass, u have an IDOR + ATO;

Impact: Critical

credit elsec

#bugbounty #bugbounty tips

Check out the latest post on Invent Your Shit on exploiting Insecure Direct Object References vulnerability in Webgoat Labs.

Here: inventyourshit.com/webgoat-insecu…

#ctf #Webgoat #webhacking #bugbountytip #bugbouny #Hacking #IDOR

IDOR + ATO Account Takeover via Reset Password

- a logged in area;
- intercept password change request;
- change username to another;
- if u have successfully changed user pass, u have an IDOR + ATO;

Impact: Critical

credit elsec

#bugbounty #bugbounty tips

くたくたになるまでエッチしたいよー

話して決めてもらってもいいです！

#ID交換
#通話相手募集

Admin Panel Takeover.. Self Hosted program… ATO is lub ❤️
And then I found IDOR in whole panel 😁.
#BugBounty #ethicalhacking

Nice week! More to come!

All are manually testing!
Info disclosure, BAC, IDOR

App a little bit complex, using app like normal user, click everything link/button to understand app and generate requests to Burp. The more you know app the more chance to find bugs #bugbountytips

見せ合いしてくれる人っていますか・・・
#鬼畜妄想 #処女

Why HackerOne is vulnerable to idor?
Congrats to the hacker

#30DaysofTHMstreak
IDOR - File Inclusion & Intro to SSRF rooms solved with al as6oorh ْ
Day 17✅

feels good to break the low-medium idor streak with a business logic error finding that could lead to some nasty financial consequences for the company if exploited!

YesWeHack ⠵ #yeswerhackers

Bug Bounty Tip : Insecure Direct Object Reference (IDOR)

#bug bounty #bug bounty tips #bounty #bug #technology #vulnerabilitymanagement #malware #privacy #malware analysis #security #pentips #penetrationtesting #kalilinux #burpsuite #webapplicationsecurity #infosec

朝ごはん

Critical vulnerability in the HackerOne platform. IDOR (9.8 CVSS) in the report editing mechanism, specifically in adding attachments. It was possible to access other, non-public reports without authorization. Reward $15,000. 💰

Details: hackerone.com/reports/2442008 🔗

El mayor bast@rdo, tr@idor, hdlgp que ha nacido en este país en su historia, quiere acabar con todo y con enfrentarnos a todos, pero no te vas a salir con la tuya maldito maln@cido!!!!