IDOR vulnerability in HackerOne


Hello viewers, I’m Bharat Sewani, and today I will share how I found an IDOR vulnerability in HackerOne. While I was testing the HackerOne web application, I found out that they are using an ID to change the visibility of a program on HackerOne.

So let’s start:

To exploit this IDOR vulnerability in HackerOne we need two different accounts. Let’s assume the 1st account is “bh” and the second account is “bb”. Now create a new program on HackerOne from both accounts. After creating the programs, open bh (1st account), go to team settings, open inspect element and copy the id value of the team.


After that, open bb (2nd account), go to teams, open inspect element and replace the team id with the id you noted down. After doing this, the privacy of the first account’s program will change from public to private.
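The behaviour described above is a missing object-level authorization check: the server acts on the team id sent by the client without confirming that the logged-in account administers that team. The sketch below is an added example, not code from this post or from HackerOne; every name and the sample data are hypothetical and constructed. It shows that pattern next to a handler that checks the team against the session user.

```python
# Added illustration; every name here is hypothetical, not HackerOne's code.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested team."""


@dataclass
class Team:
    id: int
    handle: str
    visibility: str = "public"
    admin_ids: set = field(default_factory=set)


# Constructed sample data: two programs, each administered by one account.
TEAMS = {
    101: Team(101, "bh-program", admin_ids={1}),  # owned by user "bh" (id 1)
    202: Team(202, "bb-program", admin_ids={2}),  # owned by user "bb" (id 2)
}


def set_visibility_vulnerable(session_user_id, team_id, visibility):
    """Trusts the client-supplied team_id: the session user is never consulted."""
    team = TEAMS[team_id]
    team.visibility = visibility
    return team


def set_visibility_checked(session_user_id, team_id, visibility):
    """Resolves the team, then verifies the session user administers it."""
    if visibility not in ("public", "private"):
        raise ValueError("unknown visibility")
    team = TEAMS.get(team_id)
    # Same error for "no such team" and "not your team" so ids cannot be probed.
    if team is None or session_user_id not in team.admin_ids:
        raise Forbidden("not authorized for this team")
    team.visibility = visibility
    return team
```

The authorization decision uses only the server-side session identity and the stored team membership, so changing the id in the page has no effect on teams the account does not administer.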


5 Responses

  1. lucky says:

    good catch…

  2. Darell Werst says:

    I’ve been browsing online more than 3 hours as of late, yet I by no means found any attention-grabbing article like yours. It’s beautiful value enough for me. Personally, if all webmasters and bloggers made excellent content material as you did, the net will be much more useful than ever before.
