IDOR - how to predict an identifier? Bug bounty case study

Поделиться
HTML-код
  • Опубликовано: 28 ноя 2024
  • НаукаНаука

Комментарии • 30

  • @BugBountyReportsExplained
    @BugBountyReportsExplained  Год назад +4

    Welcome to the comment section. If you don't want to miss my future case studies, join BBRE Newsletter for free at bbre.dev/nl

  • @moizpasha7852
    @moizpasha7852 Год назад +4

    Great vid! One of the weirdest IDORs I found used a UNIX epoch timestamp format as an identifier. I spent a lot of time bruteforcing it, but since I was only changing the time by a matter of milliseconds (I did not know what a UNIX timestamp was) I did not get to exploit it. Reported it anyway and got informed that it was a P1.

  • @normalitee0os
    @normalitee0os Год назад +2

    Your channel is just absolute gold man!

  • @eyezikandexploits
    @eyezikandexploits Год назад

    Veen heavy in idor lately this video was nice and perfect timing

  • @AbdAlkarimTube
    @AbdAlkarimTube Год назад +2

    Nice topic! We need more on BAC. Thanks!

  • @musaumarfaruq8675
    @musaumarfaruq8675 Год назад

    Where can I find all the bug reports

  • @guillermoslomon6738
    @guillermoslomon6738 Год назад

    I really like the way you explain it, thank you

  • @monKeman495
    @monKeman495 Год назад +1

    Much appreciated detailed case study of IDOR bug class can we expect your 20k aws misconfiguration vid next ?

  • @andrezaantonelli5024
    @andrezaantonelli5024 Год назад

    Thank you so much for your help and your time.

  • @duskb1t
    @duskb1t Год назад

    I really enjoy your content. You have a new active sub

  • @32_jadav_akash22
    @32_jadav_akash22 Год назад

    If the identifier is long or uuid it could be found on the Wayback machine it is still a valid report??

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  Год назад

      rez0 has a great blogpost about the topic: rez0.blog/hacking/cybersecurity/2022/08/18/unpredictable-idors.html

  • @CristiVladZ
    @CristiVladZ Год назад

    I love these case studies!

  • @GajendraMahat
    @GajendraMahat 11 месяцев назад

    which website he is using to view all the writeup

  • @johnnyonpc6799
    @johnnyonpc6799 Год назад

    Just found your channel, very good content I'd say. Keep it up! Subbed.

  • @M7moudx22
    @M7moudx22 Год назад

    it's possbile to upload write-ups file ?

  • @sxhil.d3v
    @sxhil.d3v Год назад

    can u share all reports coz i just started idk much idors

  • @EndlessTech
    @EndlessTech Год назад +1

    According to you how many people in world are there in Penetration testing and ethical hacking in cybersecurity like range or gesture for example 4-5 million, etc.

  • @leghdaf
    @leghdaf 3 месяца назад

    Great Content ...

  • @ahmetsaric5364
    @ahmetsaric5364 9 месяцев назад

    Thank you

  • @grassy-p12
    @grassy-p12 Год назад

    Yeah its so informative😍

  • @MFoster392
    @MFoster392 Год назад

    Gret video thanks

  • @bibekdhakal3887
    @bibekdhakal3887 Год назад

    😁😁

Следующие
Автовоспроизведение
Top privilege escalation techniques - bug bounty case study22:41Top privilege escalation techniques - bug bounty case study
Top privilege escalation techniques - bug bounty case studyBug Bounty Reports Explained
Просмотров 3,5 тыс.
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports19:58What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reportsBug Bounty Reports Explained
Просмотров 16 тыс.
How much money I made in my 1st year of bug bounty? Bounty vlog #417:02How much money I made in my 1st year of bug bounty? Bounty vlog #4
How much money I made in my 1st year of bug bounty? Bounty vlog #4Bug Bounty Reports Explained
Просмотров 165 тыс.
Australia v India 2024-25 | First Test | Day Four08:03Australia v India 2024-25 | First Test | Day Four
Australia v India 2024-25 | First Test | Day Fourcricket.com.au
Просмотров 11 млн
Man City 0-4 Tottenham Hotspur | Premier League Highlights | Spurs THRASH Champions at Etihad02:15Man City 0-4 Tottenham Hotspur | Premier League Highlights | Spurs THRASH Champions at Etihad
Man City 0-4 Tottenham Hotspur | Premier League Highlights | Spurs THRASH Champions at EtihadTottenham Hotspur
Просмотров 2,9 млн
Fortnite's *FREE* JUICE WRLD SKIN NOW AVAILABLE! (How to Unlock)08:28Fortnite's *FREE* JUICE WRLD SKIN NOW AVAILABLE! (How to Unlock)
Fortnite's *FREE* JUICE WRLD SKIN NOW AVAILABLE! (How to Unlock)oShven
Просмотров 450 тыс.
¥$, North West, Chicago West, Yuno Miles - BOMB02:32¥$, North West, Chicago West, Yuno Miles - BOMB
¥$, North West, Chicago West, Yuno Miles - BOMBKanyeWestVEVO
Просмотров 1 млн
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs9:53My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLsBug Bounty Reports Explained
Просмотров 25 тыс.
0 to $100,000 in Bug Bounty : The architecture !! #bugbounty18:190 to $100,000 in Bug Bounty : The architecture !! #bugbounty
0 to $100,000 in Bug Bounty : The architecture !! #bugbountyMayur Chavan
Просмотров 3,9 тыс.
Solving a REAL investigation using OSINT19:03Solving a REAL investigation using OSINT
Solving a REAL investigation using OSINTGary Ruddell
Просмотров 188 тыс.
Why Your IDORs Get NA’d, Cookies Explained20:09Why Your IDORs Get NA’d, Cookies Explained
Why Your IDORs Get NA’d, Cookies ExplainedInsiderPhD
Просмотров 17 тыс.
DEF CON 32 - The Darkest Side of Bug Bounty - Jason Haddix32:30DEF CON 32 - The Darkest Side of Bug Bounty - Jason Haddix
DEF CON 32 - The Darkest Side of Bug Bounty - Jason HaddixDEFCONConference
Просмотров 47 тыс.
Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security Camera19:45Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security Camera
Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security CameraMatt Brown
Просмотров 317 тыс.
$780,000 in 3 months Bug Bounty!23:55$780,000 in 3 months Bug Bounty!
$780,000 in 3 months Bug Bounty!Tadi
Просмотров 13 тыс.
Which XSS payloads get the biggest bounties? - Case study of 174 reports28:40Which XSS payloads get the biggest bounties? - Case study of 174 reports
Which XSS payloads get the biggest bounties? - Case study of 174 reportsBug Bounty Reports Explained
Просмотров 27 тыс.
This Is How You Setup Your Bug Bounty & Automation Box (Part 1)19:19This Is How You Setup Your Bug Bounty & Automation Box (Part 1)
This Is How You Setup Your Bug Bounty & Automation Box (Part 1)NahamSec
Просмотров 19 тыс.
купила SAMSUNG Z FLIP 6 🎀 и вот что получилось00:47купила SAMSUNG Z FLIP 6 🎀 и вот что получилось
купила SAMSUNG Z FLIP 6 🎀 и вот что получилосьSolovey Nuts
Просмотров 1,4 млн
Анимация логотипа для компании MYCOM00:46Анимация логотипа для компании MYCOM
Анимация логотипа для компании MYCOMFreelStep Shorts
Просмотров 1,3 млн
Говорят, ЛУЧШИЙ КОМПАКТ! Хвалёный VIVO X200 PRO Mini - не без ПРОБЛЕМ25:40Говорят, ЛУЧШИЙ КОМПАКТ! Хвалёный VIVO X200 PRO Mini - не без ПРОБЛЕМ
Говорят, ЛУЧШИЙ КОМПАКТ! Хвалёный VIVO X200 PRO Mini - не без ПРОБЛЕМi-shoppers - обзоры от Саныча
Просмотров 63 тыс.
Лучше так не делайте... Скальпирование процессора00:37Лучше так не делайте... Скальпирование процессора
Лучше так не делайте... Скальпирование процессораCONSTRUCT PC
Просмотров 377 тыс.
Yanlışlıkla Telefonumu Parçaladım!😱00:18Yanlışlıkla Telefonumu Parçaladım!😱
Yanlışlıkla Telefonumu Parçaladım!😱Safak Novruz
Просмотров 262 тыс.
Introducing the "VitaWear SmartBand," a next-generation wearable gadget🎉00:27Introducing the "VitaWear SmartBand," a next-generation wearable gadget🎉
Introducing the "VitaWear SmartBand," a next-generation wearable gadget🎉Dilkhush
Просмотров 14 млн
Introducing the "VitaWear SmartBand," a next-generation wearable gadget🎉00:27Introducing the "VitaWear SmartBand," a next-generation wearable gadget🎉
Introducing the "VitaWear SmartBand," a next-generation wearable gadget🎉Dilkhush
Просмотров 14 млн
Бюджетный игровой смартфон мечты? 😎 Realme 13+ 5G01:09Бюджетный игровой смартфон мечты? 😎 Realme 13+ 5G
Бюджетный игровой смартфон мечты? 😎 Realme 13+ 5GВэйми
Просмотров 830 тыс.