WRITEUP #4254

How I could take over any Account on a USA Department of Defense Website due to a simple IDOR

Tags: IDOR, Account takeover
by @naglinagli (Gal Nagli)
Program: U.S. Dept Of Defense
Published: Nov 7, 2020
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://web.archive.org/web/20221110072323/https://galnagli.com/DoD_IDOR/
RELATED WRITEUPS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
Tags: API, GraphQL
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Zomatoooo! IDOR in Saved Payments
Tags: IDOR
CSRF Bypass Using Domain Confusion Leads To ATO
Tags: CSRF, Account takeover
