Top IDOR reports from HackerOne:

  1. IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users to PayPal - 721 upvotes, $10500
  2. IDOR allow access to payments data of any user to Nord Security - 349 upvotes, $0
  3. Insecure Direct Object Reference (IDOR) - Delete Campaigns to HackerOne - 302 upvotes, $0
  4. IDOR - Delete all Licenses and certifications from users account using CreateOrUpdateHackerCertification GraphQL query to HackerOne - 297 upvotes, $0
  5. idor allows you to delete photos and album from a gallery to Pornhub - 266 upvotes, $1500
  6. IDOR allows any user to edit others videos to Pornhub - 248 upvotes, $1500
  7. Singapore - Account Takeover via IDOR to Starbucks - 229 upvotes, $0
  8. IDOR delete any Tickets on ads.tiktok.com to TikTok - 200 upvotes, $0
  9. An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier to Unikrn - 197 upvotes, $3000
  10. I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD) to Yelp - 191 upvotes, $0
  11. IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 185 upvotes, $0
  12. IDOR vulnerability in unreleased HackerOne Copilot feature to HackerOne - 183 upvotes, $2500
  13. IDOR allows an attacker to modify the links of any user to Reddit - 176 upvotes, $0
  14. Insecure Direct Object Reference (IDOR) Allows Viewing Private Report Details via /bugs.json Endpoint to HackerOne - 171 upvotes, $0
  15. IDOR in the https://market.semrush.com/ to Semrush - 159 upvotes, $0
  16. IDOR leads to Edit Anyone's Blogs / Websites to Automattic - 154 upvotes, $0
  17. Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability to Reddit - 127 upvotes, $5000
  18. IDOR vulnerability (Price manipulation) to Acronis - 127 upvotes, $0
  19. [api.pandao.ru] IDOR for order delivery address to Mail.ru - 125 upvotes, $3000
  20. IDOR and statistics leakage in Orders to X (Formerly Twitter) - 119 upvotes, $289
  21. IDOR in https://3d.cs.money/ to CS Money - 116 upvotes, $0
  22. IDOR on GraphQL queries BillingDocumentDownload and BillDetails to Shopify - 112 upvotes, $5000
  23. IDOR leads to leak analytics of any restaurant to Uber - 109 upvotes, $2000
  24. IDOR leading to downloading of any attachment to BCM Messenger - 107 upvotes, $0
  25. IDOR for changing privacy settings on any memories to TikTok - 98 upvotes, $0
  26. IDOR leads to See analytics of Loyalty Program in any restaurant. to Uber - 97 upvotes, $1500
  27. IDOR to view order information of users and personal information to WakaTime - 97 upvotes, $0
  28. IDOR on TikTok Ads Endpoint to TikTok - 93 upvotes, $2500
  29. [unibet.com] Delete messages via IDOR at /mom-api/messages/unibet_█████████@unibet/ to Kindred Group - 87 upvotes, $0
  30. Access User Tickets via IDOR in [widget.support.my.games] to Mail.ru - 86 upvotes, $0
  31. CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card to Yelp - 81 upvotes, $0
  32. IDOR when moving contents at CrowdSignal to Automattic - 81 upvotes, $0
  33. IDOR allowing to read another user's token on the Social Media Ads service to Semrush - 81 upvotes, $0
  34. IDOR via internal_api "users" endpoint to New Relic - 77 upvotes, $1500
  35. IDOR vulnerability reveals additional information to Semrush - 75 upvotes, $0
  36. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 71 upvotes, $0
  37. Cross-Tenant IDOR ( graphql AddRulesToPixelEvents query ) allowing to add, update, and delete rules of any Pixel events on the platform to TikTok - 70 upvotes, $0
  38. IDOR allows an attacker to delete anyone's featured photo. to LinkedIn - 67 upvotes, $0
  39. IDOR on Delete Email address features to Mozilla - 66 upvotes, $0
  40. IDOR - Leaking of team data (name, email, ID, member ID) via POST /api/v1/graphql FetchMemberships operation to Tools for Humanity - 64 upvotes, $500
  41. IDOR the ability to view support tickets of any user on seller platform to TikTok - 63 upvotes, $2500
  42. IDOR to view order information of users and personal information to Affirm - 63 upvotes, $500
  43. IDOR on HackerOne Feedback Review to HackerOne - 58 upvotes, $0
  44. IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture. to Glassdoor - 57 upvotes, $0
  45. IDOR allows information disclosure to Semrush - 55 upvotes, $0
  46. IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs to HackerOne - 54 upvotes, $0
  47. IDOR on Tagged People to TikTok - 54 upvotes, $0
  48. Insecure Direct Object Reference allows Crew Invite deletion to Rockstar Games - 53 upvotes, $0
  49. CSRF combined with IDOR within Document Converter exposes files to Open-Xchange - 52 upvotes, $500
  50. Ability to add arbitrary images/descriptions/titles to other people's issues via IDOR on getrevue.co to X (Formerly Twitter) - 52 upvotes, $0
  51. IDOR to delete images from other stores to Zomato - 51 upvotes, $600
  52. IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field to Logitech - 50 upvotes, $0
  53. IDOR of users to Mail.ru - 48 upvotes, $500
  54. IDOR with Geolocation data not stripped from images to IRCCloud - 48 upvotes, $200
  55. IDOR in marketing calendar tool to Semrush - 48 upvotes, $0
  56. IDOR in upload videos of a Channel on https://video.ibm.com to IBM - 47 upvotes, $0
  57. IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account to EXNESS - 44 upvotes, $0
  58. IDOR in sending support email upon Verifying user business domain to Trustpilot - 43 upvotes, $0
  59. IDOR - Delete technical skill assessment result & Gained Badges result of any user to LinkedIn - 40 upvotes, $0
  60. IDOR to delete profile images in https:███████ to U.S. Dept Of Defense - 39 upvotes, $0
  61. Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint. to IBM - 39 upvotes, $0
  62. IDOR: leak buyer info & Publish/Hide foreign comments to Judge.me - 37 upvotes, $1250
  63. IDOR in semrush academy to Semrush - 37 upvotes, $0
  64. IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS] to U.S. Dept Of Defense - 36 upvotes, $500
  65. IDOR in the list of users by domain on relap.io to Mail.ru - 36 upvotes, $0
  66. China - IDOR on Reservation Staging/Non Production Site - https://reservation.stg.starbucks.com.cn to Starbucks - 35 upvotes, $0
  67. [api.pandao.ru] IDOR allows changing any user's address to Mail.ru - 33 upvotes, $1000
  68. IDOR: changing a user's email via Citymobil Business to Mail.ru - 33 upvotes, $0
  69. Sensei LMS IDOR to send message to Automattic - 33 upvotes, $0
  70. IDOR in family pairing API to TikTok - 33 upvotes, $0
  71. IDOR - disclosure of private videos - /api_android_v3/getUserVideos to Pornhub - 32 upvotes, $1500
  72. IDOR in editing courses to Radancy - 31 upvotes, $0
  73. No error thrown when IDOR attempted while editing address to OpenMage - 31 upvotes, $0
  74. IDOR in one subdomain of █████████ -> change information of pets without authorization! to Mars - 31 upvotes, $0
  75. <- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information -> to Rockstar Games - 30 upvotes, $0
  76. IDOR in TalentMAP API can be abused to enumerate personal information of all the users to U.S. Department of State - 30 upvotes, $0
  77. IDOR to account takeover on POST to █████████ by changing member_id parameter to Mars - 30 upvotes, $0
  78. IDOR to cancel any table booking and leak sensitive information such as email,mobile number,uuid to Zomato - 29 upvotes, $250
  79. IDOR on www.acronis.com API lead to steal private business user information to Acronis - 29 upvotes, $100
  80. [www.zomato.com] IDOR - Leaking all Personal Details of all Zomato Users through an endpoint to Zomato - 29 upvotes, $0
  81. Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card to Starbucks - 29 upvotes, $0
  82. Idor on the DELETE /comments/ to RGhost - 29 upvotes, $0
  83. IDOR when editing email leads to Account Takeover on Atavist to Automattic - 29 upvotes, $0
  84. [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint to New Relic - 28 upvotes, $2500
  85. IDOR Payments Status to Omise - 28 upvotes, $100
  86. I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure) to Yelp - 28 upvotes, $0
  87. Ability to read any emails through IDOR on Nextcloud Mail to Nextcloud - 28 upvotes, $0
  88. IDOR to view User Order Information to BOHEMIA INTERACTIVE a.s. - 27 upvotes, $0
  89. Cross-Tenant IDOR on Business allowing escalation privilege, invitation takeover, and edition of any other Businesses' employees to Uber - 27 upvotes, $0
  90. IDOR in API applications (able to see any API token, leads to account takeover) to Automattic - 27 upvotes, $0
  91. IDOR - Downloading all attachments if having access to a shared link to Open-Xchange - 26 upvotes, $888
  92. IDOR on TikTok Seller to TikTok - 26 upvotes, $500
  93. IDOR in Bugs overview enables attacker to determine the date range a hackathon was active to HackerOne - 26 upvotes, $0
  94. IDOR [mtnmobad.mtnbusiness.com.ng] to MTN Group - 26 upvotes, $0
  95. IDOR in changing shared file name to Trint Ltd - 25 upvotes, $0
  96. IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter to Lab45 - 25 upvotes, $0
  97. IDOR - Other user's delivery address disclosed to Azbuka Vkusa - 25 upvotes, $0
  98. IDOR in "external status check" API leaks data about any status check on the instance to GitLab - 24 upvotes, $610
  99. Thailand - IDOR on www.starbuckscardth.in.th: A logged in user could view any Thailand Starbucks card balance if they knew that Starbucks card number to Starbucks - 24 upvotes, $0
  100. IDOR Causing Deletion of any account to Ubiquiti Inc. - 23 upvotes, $0
  101. █████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 23 upvotes, $0
  102. IDOR bug to See hidden slowvote of any user even when you don't have access right to Phabricator - 22 upvotes, $300
  103. IDOR widget.support.my.com to Mail.ru - 22 upvotes, $0
  104. IDOR in eform.molpay.com leads to see other users application forms with private data to Razer - 21 upvotes, $500
  105. IDOR on Program Visibility (Revealed / Concealed) against other team members to HackerOne - 21 upvotes, $0
  106. IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 21 upvotes, $0
  107. IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 21 upvotes, $0
  108. IDOR - Accessing other user's attachments via PUT /appsuite/api/files?action=saveAs to Open-Xchange - 20 upvotes, $888
  109. IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop to Shopify - 20 upvotes, $500
  110. IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) to Open-Xchange - 20 upvotes, $300
  111. IDOR in tracking driver logs at city-mobil.ru to Mail.ru - 20 upvotes, $150
  112. Insecure Direct Object Reference (IDOR) Allowing me to claim other user's photos (driving license and selfies) as mine to Cuvva - 20 upvotes, $0
  113. IDOR to update folder name of other user to Trint Ltd - 20 upvotes, $0
  114. GRAPHQL cross-tenant IDOR giving write access through the operation UpdateAtlasApplicationPerson to Stripe - 20 upvotes, $0
  115. IDOR Leads To Account Takeover Without User Interaction to MTN Group - 20 upvotes, $0
  116. IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in order_id parameter to Reddit - 19 upvotes, $500
  117. IDOR unsubscribe Anyone from NextClouds Newsletters by knowing their Email to Nextcloud - 19 upvotes, $0
  118. IDOR - Ability to view unlisted products to Reverb.com - 19 upvotes, $0
  119. Metadata leakage via IDOR to Polymail, Inc. - 19 upvotes, $0
  120. IDOR: editing any wishlist to QIWI - 19 upvotes, $0
  121. IDOR in activateFuelCard id allows bulk lookup of driver uuids to Uber - 18 upvotes, $0
  122. IDOR Vulnerability in Job Preferences to Glassdoor - 18 upvotes, $0
  123. Vimeo.com Insecure Direct Object References Reset Password to Vimeo - 17 upvotes, $0
  124. IDOR - Access to private video thumbnails even if video requires password authentication to Pornhub - 17 upvotes, $0
  125. [app.mavenlink.com] IDOR to view sensitive information to Mavenlink - 17 upvotes, $0
  126. 'cnvID' parameter vulnerable to Insecure Direct Object References to Concrete CMS - 17 upvotes, $0
  127. IDOR in report download functionality on ads.tiktok.com to TikTok - 16 upvotes, $500
  128. IDOR of contracts on dictor.mail.ru to Mail.ru - 16 upvotes, $150
  129. [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users to Zomato - 16 upvotes, $100
  130. [www.zomato.com] IDOR - Delete/Deactivate any special menu of any Restaurants from Zomato to Zomato - 16 upvotes, $0
  131. Singapore - IDOR in campaign.starbucks.com.sg to Starbucks - 16 upvotes, $0
  132. relap.io IDOR to Mail.ru - 16 upvotes, $0
  133. IDOR at 'media_code' when adding media to questions to Automattic - 16 upvotes, $0
  134. IDOR on notes to HTML injection to Palo Alto Software - 16 upvotes, $0
  135. IDOR in https://moneybird.com/user/accountant_company/edit(change company name) to Moneybird - 16 upvotes, $0
  136. Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure to MTN Group - 16 upvotes, $0
  137. IDOR on partners.uber.com allows for a driver to override administrator documents to Uber - 15 upvotes, $500
  138. IDOR - Folder names disclosure inside a domain, regardless of user to Open-Xchange - 15 upvotes, $250
  139. IDOR in merchant.rbmonkey.com allows deleting eShops of another user to RBKmoney - 15 upvotes, $0
  140. idor leads to leak order information to Mail.ru - 15 upvotes, $0
  141. IDOR to U.S. Dept Of Defense - 15 upvotes, $0
  142. IDOR may allow access to non-public photos to Flickr - 15 upvotes, $0
  143. [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users to New Relic - 14 upvotes, $1500
  144. IDOR expire other user sessions to Shopify - 14 upvotes, $1000
  145. IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA to Open-Xchange - 14 upvotes, $300
  146. IDOR allow to extract all registered email to Open-Xchange - 14 upvotes, $300
  147. IDOR on mcs.mail.ru to Mail.ru - 14 upvotes, $150
  148. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 14 upvotes, $0
  149. IDOR - setAttribute action of user object in API to Open-Xchange - 13 upvotes, $400
  150. IDOR - Deleting other user's reminders just by id to Open-Xchange - 13 upvotes, $300
  151. IDOR- Activate Mopub on different organizations- steal api token- Fabric.io to X (Formerly Twitter) - 13 upvotes, $0
  152. [www.zomato.com] IDOR - Delete/Deactivate ANY/ALL Promos through a Post Request at clients/promoDataHandler.php to Zomato - 13 upvotes, $0
  153. Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR to Valve - 13 upvotes, $0
  154. IDOR to edit test/poll/quiz on relap.io to Mail.ru - 13 upvotes, $0
  155. [Razer Pay Mobile App] IDOR within /v1_IM/friends/queryDrawRedLog allowed unauthorised access to read logs to Razer - 12 upvotes, $500
  156. IDOR to view other user folder name to Open-Xchange - 12 upvotes, $250
  157. IDOR exposes receipts of all users. to RecargaPay - 12 upvotes, $0
  158. IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 12 upvotes, $0
  159. IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data to Lab45 - 12 upvotes, $0
  160. IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user to U.S. General Services Administration - 12 upvotes, $0
  161. View & add to cart unlisted items via IDOR to Instacart - 11 upvotes, $0
  162. IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 11 upvotes, $0
  163. IDOR Allows Viewer to Delete Bin's Files to Lark Technologies - 11 upvotes, $0
  164. IDOR on stocky application-Low Stock-Varient-Settings-Columns to Shopify - 10 upvotes, $750
  165. IDOR in tender.mail.ru leading to Information Disclosure to Mail.ru - 10 upvotes, $0
  166. India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance to Starbucks - 10 upvotes, $0
  167. [https://city-mobil.ru/taxiserv] IDOR leads to information disclosure to Mail.ru - 9 upvotes, $0
  168. IDOR on update user preferences to Palo Alto Software - 9 upvotes, $0
  169. IDOR zakazaka (order status and reorder) to Mail.ru - 9 upvotes, $0
  170. IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 9 upvotes, $0
  171. IDOR to delete test/poll/quiz on relap.io to Mail.ru - 9 upvotes, $0
  172. [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References to Mail.ru - 8 upvotes, $160
  173. Insecure Direct Object Reference - access to other user/group DM's to X (Formerly Twitter) - 8 upvotes, $0
  174. IDOR create accounts and verify them with original account email to WakaTime - 8 upvotes, $0
  175. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 8 upvotes, $0
  176. IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 8 upvotes, $0
  177. IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ to U.S. Dept Of Defense - 8 upvotes, $0
  178. Insecure Direct Object Reference vulnerability to HackerOne - 7 upvotes, $500
  179. Insecure direct object reference - have access to deleted DM's to X (Formerly Twitter) - 7 upvotes, $0
  180. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  181. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  182. IDOR in treat subscriptions to Zomato - 7 upvotes, $0
  183. IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name to U.S. General Services Administration - 7 upvotes, $0
  184. IDOR allows accounts to view full name of other accounts based on email through share notes feature to New Relic - 6 upvotes, $750
  185. [c-api.city-mobil.ru] IDOR chat messages between driver and customer to Mail.ru - 6 upvotes, $150
  186. Generating Unlimited Free Travel Gift Invites | IDOR to Airbnb - 6 upvotes, $0
  187. IDOR - Disable sharing to Nextcloud - 6 upvotes, $0
  188. [city-mobil.ru/taxiserv/] IDOR leads to driver account takeover to Mail.ru - 6 upvotes, $0
  189. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 6 upvotes, $0
  190. Insecure Direct Object Reference on badoo.com to Bumble - 5 upvotes, $0
  191. Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely to Veris - 5 upvotes, $0
  192. [auto.mail.ru] IDOR for editing any user's post. to Mail.ru - 5 upvotes, $0
  193. Idor for firstpromoter service to Dropcontact - 5 upvotes, $0
  194. IDOR on ███████ [HtUS] to U.S. Dept Of Defense - 5 upvotes, $0
  195. IDOR on removing Share to Enter - 4 upvotes, $250
  196. IDOR on https://www.eobot.com/paypal to Eobot - 4 upvotes, $0
  197. IDOR spam anyone's cellphone number through Cuvva app link to Cuvva - 4 upvotes, $0
  198. idor on upload profile functionality to U.S. Dept Of Defense - 4 upvotes, $0
  199. IDOR: Adding Contacts to Other User Groups to 8x8 - 4 upvotes, $0
  200. information disclosure via IDOR on "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint to Mail.ru - 4 upvotes, $0
  201. IDOR able to buy a plan with lesser fee to Automattic - 4 upvotes, $0
  202. CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to Videos of Channel whose privacy is set to Private. to Vimeo - 3 upvotes, $0
  203. Insecure Direct Object References in https://vimeo.com/forums to Vimeo - 3 upvotes, $0
  204. Insecure Direct Object References that allows to read any comment (even if it should be private) to Vimeo - 3 upvotes, $0
  205. Critical IDOR - Get venue data of any organization remotely to Veris - 3 upvotes, $0
  206. Critical IDOR - Can select any Parent while creating new Venue to Veris - 3 upvotes, $0
  207. Critical IDOR - Make Rule for Any Group & Any Venue remotely to Veris - 3 upvotes, $0
  208. Critical IDOR - Get Rules of any organization remotely to Veris - 3 upvotes, $0
  209. Critical IDOR - Get anyone's Terminal Data remotely to Veris - 3 upvotes, $0
  210. Critical IDOR - Set anyone's Terminal Data remotely to Veris - 3 upvotes, $0
  211. Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper to Veris - 3 upvotes, $0
  212. Critical IDOR - Delete any terminal/gatekeeper of any organization remotely to Veris - 3 upvotes, $0
  213. Critical IDOR - Delete any rule of any organization remotely to Veris - 3 upvotes, $0
  214. Critical IDOR - Delete any venue of any organization remotely to Veris - 3 upvotes, $0
  215. Critical IDOR - Delete any group of any organization remotely to Veris - 3 upvotes, $0
  216. Insecure Direct Object Reference on API without API key to Semrush - 3 upvotes, $0
  217. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 3 upvotes, $0
  218. IDOR - User is able to download charts/dashboards from cross accounts to New Relic - 3 upvotes, $0
  219. Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 3 upvotes, $0
  220. IDOR allows changing user information. to Mail.ru - 2 upvotes, $0
  221. IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 2 upvotes, $0
  222. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
  223. IDOR in locid parameter allowing to view others accounts Profile Locations to Yelp - 1 upvote, $0
  224. IDOR Lead To VIEW & DELETE & Create api_key [HtUS] to U.S. Dept Of Defense - 1 upvote, $0