Hello viewers, I’m Bharat Sewani, and today I will share how I found an IDOR vulnerability in HackerOne. While I was testing the HackerOne web application, I found out that they are using an ID to change the visibility of a program on HackerOne.
So let’s start:
To exploit this IDOR vulnerability in HackerOne, we need two different accounts. Let’s assume the first account is “bh” and the second account is “bb”. Now create a new program on HackerOne from both accounts. After creating the programs, open bh (the first account), go to team settings, open inspect element, and copy the team’s id value.
Next, open bb (the second account), go to teams, open inspect element, and replace the team id with the id you noted down. After doing this, the privacy of the first account’s program will change from public to private.
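The server-side check whose absence makes this kind of IDOR possible, shown as an added example that is not part of the original post and is not HackerOne's code. The `Team` model, the handler names and the team ids are assumptions made up for illustration; only the account names "bh" and "bb" come from the write-up.

```python
# Added illustration: a constructed in-memory model, not HackerOne's code.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not modify the referenced team."""


@dataclass
class Team:
    id: int
    owner: str
    visibility: str = "public"
    admins: set = field(default_factory=set)


# Constructed sample data: two accounts, each owning one program.
TEAMS = {
    101: Team(id=101, owner="bh"),
    202: Team(id=202, owner="bb"),
}


def set_visibility_vulnerable(session_user, team_id, visibility):
    # Trusts the client-supplied id: the session user is never consulted,
    # so any logged-in account can change any team.
    team = TEAMS[team_id]
    team.visibility = visibility
    return team


def set_visibility_checked(session_user, team_id, visibility):
    # Validate the requested value before touching any record.
    if visibility not in ("public", "private"):
        raise ValueError("unknown visibility")
    team = TEAMS.get(team_id)
    # Same error for "missing" and "not yours" so ids cannot be enumerated.
    if team is None or session_user not in ({team.owner} | team.admins):
        raise Forbidden(f"user {session_user!r} cannot modify team {team_id}")
    team.visibility = visibility
    return team
```

The hardened handler resolves the object first and then authorizes the session user against it, so swapping the id in the request no longer reaches another account's program.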
IDOR Vulnerability in HACKERONE :