Back to directory
WRITEUP #3563

Abusing JSON Web Token to steal accounts — 3000$

IDOR
by@filipaze_(Filipe Azevedo)
Bounty
3,000
Program
-
Published
Jul 27, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://filipaze.medium.com/abusing-json-web-token-to-steal-accounts-3000-b9f7daeaef81
RELATED WRITEUPS
Zomatoooo! IDOR in Saved Payments
IDOR
How I got my first $13500 bounty through Parameter Polluting (HPP)
IDORXSS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL
A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel
IDORBroken Access Control
Bypassing ACLs – IDOR exploitation via HPP
IDORHTTP parameter pollution

Built with ❤️ by Shubham Rawat