WRITEUP #2803

Multiple vulnerability leading to account takeover in TikTok SMB subdomain.

IDOR

by@lu3ky13(Ahmad A Abdulla)

Bounty

1,000

Program

TikTok

Published

Apr 7, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://ahmadaabdulla.medium.com/vulnerabilitymultiple-vulnerability-leading-to-account-takeover-in-tiktok-smb-subdomain-c99e4a50b377

▸ RELATED WRITEUPS

Zomatoooo! IDOR in Saved Payments

IDOR

How I got my first $13500 bounty through Parameter Polluting (HPP)

IDORXSS

The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover

APIGraphQL

A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel

IDORBroken Access Control

Bypassing ACLs – IDOR exploitation via HPP

IDORHTTP parameter pollution

Built with ❤️ by Shubham Rawat