WRITEUP #5944

Using a GitHub app to escalate to an organization owner for a $10,000 bounty

IDOR, Broken authorization
by @itscachemoney (Tanner Emek)
Bounty: 10,000
Program: GitHub
Published: Jun 20, 2018
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://medium.com/@cachemoney/using-a-github-app-to-escalate-to-an-organization-owner-for-a-10-000-bounty-4ec307168631