Hello everyone, I discovered an IDOR vulnerability based on user IDs, but the IDs seem to be generated using a certain date pattern; each one is a 24-character hexadecimal string. Any ideas on how I can detect the user ID? #cybersecurity #vulnerability #infosec #BugBounty
Amazing Week 🔥
-->Tip1:
Always try all CSRF bypass protection token techniques.
-->Tip2:
Read Api documentation, test for IDOR in any endpoint.
bugcrowd
#BugBounty
#bugbountytips
I earned $3900 for my submission on @bugcrowd bugcrowd.com/walidhossain #ItTakesACrowd
1x P1 - IDOR to take over an org
2x P3 - IDOR
2x P4 - IDOR, CSRF
Struggler Hates it Here: Well, AC Valhalla takes place around 850 and Vinland is after 1000, so chances are it's not canon, but kinda funny to think about tho lol
When you are testing requests in Burp Repeater, if you get a 403 error code, check whether the request was actually executed anyway.
I just found an IDOR when Repeater gave me a 403 error code.
#bugbounty #bugbountytips
Some of the major vulnerabilities and related POCs are found below 🧵 (1/n):
⚡ SQLi
⚡ XSS
⚡ SSRF
⚡ XXE
⚡ Path Traversal
⚡ Open Redirection
⚡ Account Takeover
⚡ Remote Code Execution
⚡ IDOR
⚡ CSRF
#hacking #bugbounty #bugbountytips
❤️ … ❤️ I'm away from the venue right now, so would it be possible to trade after leaving or after it ends?