Back to directory
WRITEUP #3523

Fuzzing + IDOR = Admin TakeOver

IDORAccount takeover
by@0xCGonzalo(Gonzalo Carrasco)
Program
-
Published
Aug 9, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://medium.com/@gonzalocarrascosec/fuzzing-idor-admin-takeover-5343bb8f436e
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Self-XSS to ATO via Site Features
XSSSelf-XSS
Zomatoooo! IDOR in Saved Payments
IDOR
CSRF Bypass Using Domain Confusion Leads To ATO
CSRFAccount takeover

Built with ❤️ by Shubham Rawat