Top IDOR reports from HackerOne:

  1. IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users to PayPal - 720 upvotes, $10500
  2. IDOR allow access to payments data of any user to Nord Security - 348 upvotes, $0
  3. Insecure Direct Object Reference (IDOR) - Delete Campaigns to HackerOne - 302 upvotes, $0
  4. idor allows you to delete photos and album from a gallery to Pornhub - 266 upvotes, $1500
  5. IDOR allows any user to edit others videos to Pornhub - 248 upvotes, $1500
  6. Singapore - Account Takeover via IDOR to Starbucks - 229 upvotes, $0
  7. IDOR delete any Tickets on ads.tiktok.com to TikTok - 199 upvotes, $0
  8. An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier to Unikrn - 194 upvotes, $3000
  9. I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD) to Yelp - 190 upvotes, $0
  10. IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 184 upvotes, $0
  11. IDOR vulnerability in unreleased HackerOne Copilot feature to HackerOne - 181 upvotes, $2500
  12. IDOR allows an attacker to modify the links of any user to Reddit - 175 upvotes, $0
  13. IDOR in the https://market.semrush.com/ to Semrush - 159 upvotes, $0
  14. IDOR leads to Edit Anyone's Blogs / Websites to Automattic - 153 upvotes, $0
  15. Insecure Direct Object Reference (IDOR) Allows Viewing Private Report Details via /bugs.json Endpoint to HackerOne - 135 upvotes, $0
  16. IDOR vulnerability (Price manipulation) to Acronis - 126 upvotes, $0
  17. [api.pandao.ru] IDOR for order delivery address to Mail.ru - 125 upvotes, $3000
  18. Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability to Reddit - 124 upvotes, $5000
  19. IDOR and statistics leakage in Orders to X (Formerly Twitter) - 115 upvotes, $289
  20. IDOR in https://3d.cs.money/ to CS Money - 115 upvotes, $0
  21. IDOR on GraphQL queries BillingDocumentDownload and BillDetails to Shopify - 107 upvotes, $5000
  22. IDOR leading to downloading of any attachment to BCM Messenger - 106 upvotes, $0
  23. IDOR leads to leak analytics of any restaurant to Uber - 105 upvotes, $2000
  24. IDOR for changing privacy settings on any memories to TikTok - 97 upvotes, $0
  25. IDOR leads to See analytics of Loyalty Program in any restaurant. to Uber - 96 upvotes, $1500
  26. IDOR on TikTok Ads Endpoint to TikTok - 92 upvotes, $2500
  27. Access User Tickets via IDOR in [widget.support.my.games] to Mail.ru - 86 upvotes, $0
  28. [unibet.com] Delete messages via IDOR at /mom-api/messages/unibet_█████████@unibet/ to Kindred Group - 85 upvotes, $0
  29. CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card to Yelp - 81 upvotes, $0
  30. IDOR allowing to read another user's token on the Social Media Ads service to Semrush - 81 upvotes, $0
  31. IDOR when moving contents at CrowdSignal to Automattic - 79 upvotes, $0
  32. IDOR via internal_api "users" endpoint to New Relic - 77 upvotes, $1500
  33. RCE, SQLi, IDOR, Auth Bypass and XSS at [staff.███.edu.eg ] to ██████ - 71 upvotes, $0
  34. Cross-Tenant IDOR ( graphql AddRulesToPixelEvents query ) allowing to add, update, and delete rules of any Pixel events on the platform to TikTok - 70 upvotes, $0
  35. IDOR vulnerability reveals additional information to Semrush - 70 upvotes, $0
  36. IDOR allows an attacker to delete anyone's featured photo. to LinkedIn - 62 upvotes, $0
  37. IDOR on Delete Email address features to Mozilla - 62 upvotes, $0
  38. IDOR the ability to view support tickets of any user on seller platform to TikTok - 61 upvotes, $2500
  39. IDOR to view order information of users and personal information to Affirm - 60 upvotes, $500
  40. IDOR vulnerability on profile picture changing mechanism which discloses other user's profile picture. to Glassdoor - 57 upvotes, $0
  41. IDOR - Leaking of team data (name, email, ID, member ID) via POST /api/v1/graphql FetchMemberships operation to Tools for Humanity - 56 upvotes, $500
  42. IDOR on HackerOne Feedback Review to HackerOne - 56 upvotes, $0
  43. IDOR in Report CSV export discloses the IDs of Custom Field Attributes of Programs to HackerOne - 54 upvotes, $0
  44. IDOR allows information disclosure to Semrush - 54 upvotes, $0
  45. IDOR on Tagged People to TikTok - 53 upvotes, $0
  46. CSRF combined with IDOR within Document Converter exposes files to Open-Xchange - 52 upvotes, $500
  47. Ability to add arbitrary images/descriptions/titles to other people's issues via IDOR on getrevue.co to X (Formerly Twitter) - 52 upvotes, $0
  48. Insecure Direct Object Reference allows Crew Invite deletion to Rockstar Games - 52 upvotes, $0
  49. IDOR to delete images from other stores to Zomato - 50 upvotes, $600
  50. IDOR when creating App on [platform.streamlabs.com/api/v1/store/whitelist] with user_id field to Logitech - 49 upvotes, $0
  51. IDOR of users to Mail.ru - 48 upvotes, $500
  52. IDOR with Geolocation data not stripped from images to IRCCloud - 48 upvotes, $200
  53. IDOR in marketing calendar tool to Semrush - 48 upvotes, $0
  54. IDOR in upload videos of a Channel on https://video.ibm.com to IBM - 47 upvotes, $0
  55. IDOR in sending support email upon Verifying user business domain to Trustpilot - 43 upvotes, $0
  56. IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account to EXNESS - 43 upvotes, $0
  57. IDOR - Delete technical skill assessment result & Gained Badges result of any user to LinkedIn - 39 upvotes, $0
  58. IDOR to delete profile images in https:███████ to U.S. Dept Of Defense - 38 upvotes, $0
  59. Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint. to IBM - 38 upvotes, $0
  60. IDOR in semrush academy to Semrush - 37 upvotes, $0
  61. IDOR in the list of users by domain on relap.io to Mail.ru - 36 upvotes, $0
  62. IDOR: leak buyer info & Publish/Hide foreign comments to Judge.me - 35 upvotes, $1250
  63. China - IDOR on Reservation Staging/Non Production Site - https://reservation.stg.starbucks.com.cn to Starbucks - 35 upvotes, $0
  64. [api.pandao.ru] IDOR allows changing the address of any user to Mail.ru - 33 upvotes, $1000
  65. IDOR: changing a user's email via Citymobil Business to Mail.ru - 33 upvotes, $0
  66. Sensei LMS IDOR to send message to Automattic - 33 upvotes, $0
  67. IDOR in family pairing API to TikTok - 33 upvotes, $0
  68. IDOR - disclosure of private videos - /api_android_v3/getUserVideos to Pornhub - 32 upvotes, $1500
  69. <- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information -> to Rockstar Games - 30 upvotes, $0
  70. IDOR in editing courses to Radancy - 30 upvotes, $0
  71. No error thrown when IDOR attempted while editing address to OpenMage - 30 upvotes, $0
  72. IDOR to account takeover on POST to █████████ by changing member_id parameter to Mars - 30 upvotes, $0
  73. IDOR to cancel any table booking and leak sensitive information such as email,mobile number,uuid to Zomato - 29 upvotes, $250
  74. [www.zomato.com] IDOR - Leaking all Personal Details of all Zomato Users through an endpoint to Zomato - 29 upvotes, $0
  75. Idor on the DELETE /comments/ to RGhost - 29 upvotes, $0
  76. IDOR in TalentMAP API can be abused to enumerate personal information of all the users to U.S. Department of State - 29 upvotes, $0
  77. IDOR in one subdomain of █████████ -> change information of pets without authorization! to Mars - 29 upvotes, $0
  78. [NR Insights] IDOR - Modify the filter settings for any NR Insights dashboard through internal_api endpoint to New Relic - 28 upvotes, $2500
  79. Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card to Starbucks - 28 upvotes, $0
  80. I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure) to Yelp - 28 upvotes, $0
  81. IDOR when editing email leads to Account Takeover on Atavist to Automattic - 28 upvotes, $0
  82. Ability to read any emails through IDOR on Nextcloud Mail to Nextcloud - 28 upvotes, $0
  83. IDOR on www.acronis.com API lead to steal private business user information to Acronis - 27 upvotes, $100
  84. IDOR Payments Status to Omise - 27 upvotes, $100
  85. IDOR to view User Order Information to BOHEMIA INTERACTIVE a.s. - 27 upvotes, $0
  86. Cross-Tenant IDOR on Business allowing escalation privilege, invitation takeover, and edition of any other Businesses' employees to Uber - 27 upvotes, $0
  87. IDOR in API applications (able to see any API token, leads to account takeover) to Automattic - 27 upvotes, $0
  88. IDOR - Downloading all attachments if having access to a shared link to Open-Xchange - 26 upvotes, $888
  89. IDOR on TikTok Seller to TikTok - 26 upvotes, $500
  90. IDOR [mtnmobad.mtnbusiness.com.ng] to MTN Group - 26 upvotes, $0
  91. IDOR in changing shared file name to Trint Ltd - 25 upvotes, $0
  92. IDOR in Bugs overview enables attacker to determine the date range a hackathon was active to HackerOne - 25 upvotes, $0
  93. IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter to Lab45 - 25 upvotes, $0
  94. IDOR - Other user's delivery address disclosed to Azbuka Vkusa - 25 upvotes, $0
  95. IDOR ' can change any account email and cannot retrieve his account and access it ' at https://www.miroyalcanin.cl/ to Mars - 25 upvotes, $0
  96. IDOR in "external status check" API leaks data about any status check on the instance to GitLab - 24 upvotes, $610
  97. Thailand - IDOR on www.starbuckscardth.in.th: A logged in user could view any Thailand Starbucks card balance if they knew that Starbucks card number to Starbucks - 24 upvotes, $0
  98. █████████ IDOR leads to disclosure of PHI/PII to U.S. Dept Of Defense - 23 upvotes, $0
  99. IDOR bug to See hidden slowvote of any user even when you don't have access right to Phabricator - 22 upvotes, $300
  100. IDOR Causing Deletion of any account to Ubiquiti Inc. - 22 upvotes, $0
  101. IDOR widget.support.my.com to Mail.ru - 22 upvotes, $0
  102. IDOR in eform.molpay.com leads to see other users application forms with private data to Razer - 21 upvotes, $500
  103. IDOR to Account Takeover on https://████/index.html to U.S. Dept Of Defense - 21 upvotes, $0
  104. IDOR while uploading ████ attachments at [█████████] to U.S. Dept Of Defense - 21 upvotes, $0
  105. IDOR ' can add animal to other account ' at https://www.miroyalcanin.cl/ to Mars - 21 upvotes, $0
  106. IDOR - Accessing other user's attachments via PUT /appsuite/api/files?action=saveAs to Open-Xchange - 20 upvotes, $888
  107. IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) to Open-Xchange - 20 upvotes, $300
  108. IDOR in tracking driver logs at city-mobil.ru to Mail.ru - 20 upvotes, $150
  109. Insecure Direct Object Reference (IDOR) Allowing me to claim other user's photos (driving license and selfies) as mine to Cuvva - 20 upvotes, $0
  110. IDOR on Program Visibility (Revealed / Concealed) against other team members to HackerOne - 20 upvotes, $0
  111. GRAPHQL cross-tenant IDOR giving write access through the operation UpdateAtlasApplicationPerson to Stripe - 20 upvotes, $0
  112. IDOR Leads To Account Takeover Without User Interaction to MTN Group - 20 upvotes, $0
  113. IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop to Shopify - 19 upvotes, $500
  114. IDOR unsubscribe Anyone from NextClouds Newsletters by knowing their Email to Nextcloud - 19 upvotes, $0
  115. IDOR to update folder name of other user to Trint Ltd - 19 upvotes, $0
  116. Metadata leakage via IDOR to Polymail, Inc. - 19 upvotes, $0
  117. IDOR: editing any wishlist to QIWI - 19 upvotes, $0
  118. IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in order_id parameter to Reddit - 18 upvotes, $500
  119. IDOR - Ability to view unlisted products to Reverb.com - 18 upvotes, $0
  120. IDOR in activateFuelCard id allows bulk lookup of driver uuids to Uber - 18 upvotes, $0
  121. IDOR Vulnerability in Job Preferences to Glassdoor - 18 upvotes, $0
  122. IDOR - Access to private video thumbnails even if video requires password authentication to Pornhub - 17 upvotes, $0
  123. [app.mavenlink.com] IDOR to view sensitive information to Mavenlink - 17 upvotes, $0
  124. IDOR in report download functionality on ads.tiktok.com to TikTok - 16 upvotes, $500
  125. IDOR of contracts on dictor.mail.ru to Mail.ru - 16 upvotes, $150
  126. [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users to Zomato - 16 upvotes, $100
  127. [www.zomato.com] IDOR - Delete/Deactivate any special menu of any Restaurants from Zomato to Zomato - 16 upvotes, $0
  128. 'cnvID' parameter vulnerable to Insecure Direct Object References to Concrete CMS - 16 upvotes, $0
  129. Singapore - IDOR in campaign.starbucks.com.sg to Starbucks - 16 upvotes, $0
  130. relap.io IDOR to Mail.ru - 16 upvotes, $0
  131. IDOR at 'media_code' when adding media to questions to Automattic - 16 upvotes, $0
  132. IDOR in https://moneybird.com/user/accountant_company/edit(change company name) to Moneybird - 16 upvotes, $0
  133. IDOR on partners.uber.com allows for a driver to override administrator documents to Uber - 15 upvotes, $500
  134. IDOR - Folder names disclosure inside a domain, regardless of user to Open-Xchange - 15 upvotes, $250
  135. Vimeo.com Insecure Direct Object References Reset Password to Vimeo - 15 upvotes, $0
  136. IDOR in merchant.rbmonkey.com allows deleting eShops of another user to RBKmoney - 15 upvotes, $0
  137. idor leads to leak order information to Mail.ru - 15 upvotes, $0
  138. IDOR on notes to HTML injection to Palo Alto Software - 15 upvotes, $0
  139. IDOR to U.S. Dept Of Defense - 15 upvotes, $0
  140. [NR Alerts/Synthetics] IDOR through /policies.json with Synthetics exposes full name of other NR users to New Relic - 14 upvotes, $1500
  141. IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA to Open-Xchange - 14 upvotes, $300
  142. IDOR allow to extract all registered email to Open-Xchange - 14 upvotes, $300
  143. IDOR on mcs.mail.ru to Mail.ru - 14 upvotes, $150
  144. IDOR on DoD Website exposes FTP users and passes linked to all accounts! to U.S. Dept Of Defense - 14 upvotes, $0
  145. Remove Every User, Admin, And Owner Out Of Their Teams on developers.mtn.com via IDOR + Information Disclosure to MTN Group - 14 upvotes, $0
  146. IDOR ' can delete any animal from other account ' at https://www.miroyalcanin.cl/ to Mars - 14 upvotes, $0
  147. IDOR expire other user sessions to Shopify - 13 upvotes, $1000
  148. IDOR - setAttribute action of user object in API to Open-Xchange - 13 upvotes, $400
  149. IDOR - Deleting other user's reminders just by id to Open-Xchange - 13 upvotes, $300
  150. [www.zomato.com] IDOR - Delete/Deactivate ANY/ALL Promos through a Post Request at clients/promoDataHandler.php to Zomato - 13 upvotes, $0
  151. Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR to Valve - 13 upvotes, $0
  152. IDOR to edit test/poll/quiz on relap.io to Mail.ru - 13 upvotes, $0
  153. [Razer Pay Mobile App] IDOR within /v1_IM/friends/queryDrawRedLog allowed unauthorised access to read logs to Razer - 12 upvotes, $500
  154. IDOR to view other user folder name to Open-Xchange - 12 upvotes, $250
  155. IDOR- Activate Mopub on different organizations- steal api token- Fabric.io to X (Formerly Twitter) - 12 upvotes, $0
  156. IDOR exposes receipts of all users. to RecargaPay - 12 upvotes, $0
  157. IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user to U.S. General Services Administration - 12 upvotes, $0
  158. View & add to cart unlisted items via IDOR to Instacart - 11 upvotes, $0
  159. IDOR + Account Takeover [UNAUTHENTICATED] to U.S. Dept Of Defense - 11 upvotes, $0
  160. IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data to Lab45 - 11 upvotes, $0
  161. IDOR leaking PII data via VendorId parameter to U.S. Dept Of Defense - 11 upvotes, $0
  162. IDOR Allows Viewer to Delete Bin's Files to Lark Technologies - 11 upvotes, $0
  163. IDOR in tender.mail.ru leading to Information Disclosure to Mail.ru - 10 upvotes, $0
  164. India - An Insecure Direct Object Reference (IDOR) allowed unauthorized access to view card index number and monetary balance to Starbucks - 10 upvotes, $0
  165. IDOR on stocky application-Low Stock-Varient-Settings-Columns to Shopify - 9 upvotes, $750
  166. [https://city-mobil.ru/taxiserv] IDOR leads to information disclosure to Mail.ru - 9 upvotes, $0
  167. IDOR on update user preferences to Palo Alto Software - 9 upvotes, $0
  168. IDOR zakazaka (order status and reorder) to Mail.ru - 9 upvotes, $0
  169. IDOR leads to Leakage an ██████████ Login Information to U.S. Dept Of Defense - 9 upvotes, $0
  170. IDOR to delete test/poll/quiz on relap.io to Mail.ru - 9 upvotes, $0
  171. [upload-X.my.mail.ru] /uploadphoto Insecure Direct Object References to Mail.ru - 8 upvotes, $160
  172. Insecure Direct Object Reference - access to other user/group DM's to X (Formerly Twitter) - 8 upvotes, $0
  173. IDOR create accounts and verify them with original account email to WakaTime - 8 upvotes, $0
  174. IDOR when editing email leads to Mass Full ATOs (Account Takeovers) without user interaction on https://██████/ to U.S. Dept Of Defense - 8 upvotes, $0
  175. Insecure direct object reference vulnerability on a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  176. Insecure Direct Object Reference (IDOR) vulnerability in a DoD website to U.S. Dept Of Defense - 7 upvotes, $0
  177. IDOR on https://██████ via POST UID enables database scraping to U.S. Dept Of Defense - 7 upvotes, $0
  178. IDOR allows accounts to view full name of other accounts based on email through share notes feature to New Relic - 6 upvotes, $750
  179. Insecure Direct Object Reference vulnerability to HackerOne - 6 upvotes, $500
  180. [c-api.city-mobil.ru] IDOR chat messages between driver and customer to Mail.ru - 6 upvotes, $150
  181. Generating Unlimited Free Travel Gift Invites | IDOR to Airbnb - 6 upvotes, $0
  182. IDOR - Disable sharing to Nextcloud - 6 upvotes, $0
  183. IDOR in treat subscriptions to Zomato - 6 upvotes, $0
  184. [city-mobil.ru/taxiserv/] IDOR leads to driver account takeover to Mail.ru - 6 upvotes, $0
  185. Full Account Take-Over of ████████ Members via IDOR to U.S. Dept Of Defense - 6 upvotes, $0
  186. View another user information with IDOR vulnerability to U.S. Dept Of Defense - 6 upvotes, $0
  187. IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name to U.S. General Services Administration - 6 upvotes, $0
  188. Insecure direct object reference - have access to deleted DM's to X (Formerly Twitter) - 5 upvotes, $0
  189. Insecure Direct Object Reference on badoo.com to Bumble - 5 upvotes, $0
  190. [auto.mail.ru] IDOR for editing any user's post. to Mail.ru - 5 upvotes, $0
  191. Idor for firstpromoter service to Dropcontact - 5 upvotes, $0
  192. IDOR on removing Share to Enter - 4 upvotes, $250
  193. IDOR on https://www.eobot.com/paypal to Eobot - 4 upvotes, $0
  194. Critical - Insecure Direct Object Reference - Deleting any member of any organization remotely to Veris - 4 upvotes, $0
  195. IDOR spam anyone's cellphone number through Cuvva app link to Cuvva - 4 upvotes, $0
  196. idor on upload profile functionality to U.S. Dept Of Defense - 4 upvotes, $0
  197. IDOR: Adding Contacts to Other User Groups to 8x8 - 4 upvotes, $0
  198. information disclosure via IDOR on "https://target.my.com/api/v2/coverage/segment.json?id={id}" endpoint to Mail.ru - 4 upvotes, $0
  199. IDOR able to buy a plan with lesser fee to Automattic - 4 upvotes, $0
  200. IDOR on ███████ [HtUS] to U.S. Dept Of Defense - 4 upvotes, $0
  201. CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to Videos of Channel whose privacy is set to Private. to Vimeo - 3 upvotes, $0
  202. Insecure Direct Object References in https://vimeo.com/forums to Vimeo - 3 upvotes, $0
  203. Insecure Direct Object References that allows to read any comment (even if it should be private) to Vimeo - 3 upvotes, $0
  204. Critical IDOR - Get venue data of any organization remotely to Veris - 3 upvotes, $0
  205. Critical IDOR - Can select any Parent while creating new Venue to Veris - 3 upvotes, $0
  206. Critical IDOR - Make Rule for Any Group & Any Venue remotely to Veris - 3 upvotes, $0
  207. Critical IDOR - Get Rules of any organization remotely to Veris - 3 upvotes, $0
  208. Critical IDOR - Get anyone's Terminal Data remotely to Veris - 3 upvotes, $0
  209. Critical IDOR - Set anyone's Terminal Data remotely to Veris - 3 upvotes, $0
  210. Critical IDOR - Get Authentication Details of any Terminal/Gatekeeper to Veris - 3 upvotes, $0
  211. Critical IDOR - Delete any terminal/gatekeeper of any organization remotely to Veris - 3 upvotes, $0
  212. Critical IDOR - Delete any rule of any organization remotely to Veris - 3 upvotes, $0
  213. Critical IDOR - Delete any venue of any organization remotely to Veris - 3 upvotes, $0
  214. Critical IDOR - Delete any group of any organization remotely to Veris - 3 upvotes, $0
  215. Insecure Direct Object Reference on API without API key to Semrush - 3 upvotes, $0
  216. Insecure Direct Object Reference on in-scope .mil website to U.S. Dept Of Defense - 3 upvotes, $0
  217. IDOR - User is able to download charts/dashboards from cross accounts to New Relic - 3 upvotes, $0
  218. Members Personal Information Leak Due to IDOR to U.S. Dept Of Defense - 3 upvotes, $0
  219. IDOR allows changing user information. to Mail.ru - 2 upvotes, $0
  220. IDOR - Delete Users Saved Projects to U.S. Dept Of Defense - 2 upvotes, $0
  221. Authorization bypass -> IDOR -> PII Leakage to U.S. Dept Of Defense - 2 upvotes, $0
  222. IDOR in locid parameter allowing to view others accounts Profile Locations to Yelp - 1 upvotes, $0
  223. IDOR Lead To VIEW & DELETE & Create api_key [HtUS] to U.S. Dept Of Defense - 1 upvotes, $0