WRITEUP #331

How I was able to discover ATO Via IDOR vulnerability

IDOR, Account takeover
by Ahmed Tarek
Program
-
Published
Apr 28, 2024
Added to HackDex
Aug 6, 2024
Read Full Writeup: https://medium.com/@0x_xnum/idor-leads-to-account-takeover-of-all-users-ato-27af312c8481
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
IDOR
CSRF Bypass Using Domain Confusion Leads To ATO
CSRF, Account takeover
