A somewhat curated list of links to various topics in application security.
Link | Excerpt | Word Count |
---|---|---|
https://link.medium.com/ReIPZNYhm0 | | 0 |
Chains on Chains!! Chaining several IDOR’s into Account Takeover(PART ONE) | Daniel Marte. Hello Everybody, Welcome to my FIRST writeup! Just to give you some background, my name is Daniel, I started hacking about 4 months ago and can’t stop! I’ve really been enjoying learning and exploiting some bugs! :D This writeup will be about how I achieved my fi | 947 |
How I could delete Facebook Ask for Recommendations post’s place objects in comments | This blog post is about an Insecure Direct Object Reference vulnerability in Facebook Ask for Recommendations posts. Using it, an attacker could have removed the place object card in comments. | 219 |
Stories Of IDOR-Part 2 | So today I am going to share another IDOR story; all stories in this blog are about a single website, let’s name it xyz.com. It’s an Education platform, mostly for Political/Media/History students, where it gives a grouped platform for discussions. | 673 |
cat ~/footstep.ninja/blog.txt | In my previous post, I shared my love for testing Insecure Direct Object Reference (IDOR) vulnerability. This time I’ll be sharing the situation where I found an IDOR in Websockets. You may want to read this write-up before you continue. But in short, I shared how I approach testing Websockets. | 333 |
HTTP Request Smuggling + IDOR | HTTP Request Smuggling or HTTP Desync is one of the trendy vulnerabilities of the moment and one of my favorites, because it allows you to greatly increase the severity of most common bugs. | 689 |
GraphQL IDOR leads to information disclosure | Hello World! I’m Eshan Singh aka R0X4R. I’m here to share my recent findings on GraphQL IDOR (Insecure Direct Object Reference), which leads to information disclosure. So, let’s start. I’m signing in… What is GraphQL? | 536 |
cat ~/footstep.ninja/blog.txt | In this post, I’ll be talking about an interesting bug chain I discovered a few months ago; Stored XSS + IDOR (Cross Site Scripting and Insecure Direct Object Reference respectively). The target is an application that helps manage finances. | 293 |
cat ~/footstep.ninja/blog.txt | Oh! Yea, HTTP is the most common channel you could find an Insecure Direct Object Reference (IDOR) Vulnerability (IMO). I should call this an IDOR series, hahah! In my last post, I mentioned there was a vulnerable HTTP PUT request on the target. | 396 |
Inf0rM@tion Disclosure via IDOR | Three Duplicates & a Final BLOW! The “userId” parameter was vulnerable to IDOR! If we changed the userId, it showed the Email addresses and Names of all the registered Users in the Activity Log of the web application. | 1365 |
https://link.medium.com/99Jx3wwTv3 | | 0 |
https://link.medium.com/uAVtDAbHy3 | | 0 |
https://blog.usejournal.com/a-less-known-attack-vector-second-order-idor-attacks-14468009781a | | 0 |
x.com | | 0 |
https://link.medium.com/PjhkoF2kjdb | | 0 |
Finding more IDORs – Tips and Tricks | Before working in the Security Testing team at Aon, I set myself the goal of receiving a bug bounty from a public vulnerability disclosure program. As is often recommended, I decided to look for one bug class in as many places as possible. | 2004 |
Exploiting IDORs – A compilation | Hello readers, in this blog our Senior Consultant Vanshal Gaur is going to explain access control and vulnerabilities arising from insecure access control, such as Insecure Direct Object References (IDOR), with some interesting obscure examples. | 3104 |
👩💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much… | Watch this talk about $25 billion+ of value, locked in the practical attacks against bridges. Welcome to the #IWWeekly28 — the Monday newsletter that brings the best in Infosec straight to your inbox. | 758 |
devanshbatham/Vulnerabilities-Unmasked | This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand! Disclaimer: The analogies provided in this conversation are generated by a Language Model (LLM) using prompt engineering techniques. | 3112 |
IDOR - how to predict an identifier? Bug bounty case study | 📚 Access full case study here: https://members.bugbountyexplained.com/how-to-make-money-with-idors-idor-case-study/ 📖 Check out AppSecEngineer, the sponsor of today's video: https://www.appsecengineer.com 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing | 0 |