Chaining an IDOR with a business-logic error to achieve critical impact

Logic Flaw: I Can Block You from Accessing Your Own Account

Zomatoooo! IDOR in Saved Payments

“Like” Bypass on Customer Reviews — €500 bounty

How I got my first $13500 bounty through Parameter Polluting (HPP)

The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover