← All tags

#IDOR

14 posts

BugForge - Daily - Copy Pasta (Jun 25, 2026)

A broken access control flaw in collection sharing. A public collection share endpoint returns the contents of every assigned snippet without re-checking each snippet's own visibility, allowing a private snippet to be leaked by adding it to a public collection…

Broken Access Control IDOR
Posted on 2026-06-25 20:00 4 min read

BugForge - Daily - Ottergram (Feb 28, 2026)

The Ottergram application contains an HTTP Verb Tampering vulnerability combined with an Insecure Direct Object Reference (IDOR) flaw in its comment…

Broken Access Control IDOR Http Verb Tampering
Posted on 2026-02-28 19:00 5 min read

BugForge - Daily - Gift Lab (Feb 19, 2026)

The Gift Lab application contains an Insecure Direct Object Reference (IDOR) vulnerability in its list sharing functionality. The application generates…

Broken Access Control IDOR
Posted on 2026-02-19 19:00 4 min read

BugForge - Daily - Cafe Club (Feb 8, 2026)

This challenge exploits an Insecure Direct Object Reference (IDOR) vulnerability in the profile password update functionality. The application includes the…

IDOR
Posted on 2026-02-08 19:00 4 min read

BugForge - Daily - Ottergram (Jan 31, 2026)

The Ottergram application contains an Insecure Direct Object Reference (IDOR) vulnerability in its profile update functionality. While the application…

IDOR Broken Access Control
Posted on 2026-01-31 20:00 4 min read

BugForge - Daily - Tanuki (Jan 27, 2026)

This challenge demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in the profile update functionality. The application passes the username…

IDOR Broken Access Control
Posted on 2026-01-27 20:00 4 min read

BugForge - Daily - Copy Pasta (Jan 21, 2026)

This issue is a classic example of broken access control caused by trusting user-supplied object identifiers. A password reset endpoint accepts a userId…

Broken Access Control IDOR
Posted on 2026-01-21 20:00 4 min read

BugForge - Daily - Ottergram (Jan 17, 2026)

This walkthrough demonstrates how an Insecure Direct Object Reference (IDOR) can surface in real-time features by moving beyond basic HTTP endpoints and…

Web Sockets IDOR
Posted on 2026-01-17 19:25 3 min read

BugForge - Daily - Sokudo (Jan 15, 2026)

This challenge demonstrates how legacy API endpoints can introduce critical security vulnerabilities when not properly deprecated or secured. The application…

API Versioning Broken Authentication IDOR JWT Manipulation
Posted on 2026-01-15 20:40 5 min read

BugForge - Daily - Copy Pasta (Jan 14, 2026)

After registering a standard user, the application was mapped to understand how snippets are created and managed, with a focus on how snippet IDs are handled…

IDOR
Posted on 2026-01-14 19:48 3 min read

BugForge - Daily - Tanuki (Jan 13, 2026)

This challenge demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in the Tanuki flashcard application's statistics API endpoint. After…

IDOR
Posted on 2026-01-13 20:40 5 min read

BugForge - Daily - Ottergram (Jan 10, 2026)

The application exposes a GraphQL API with introspection enabled in production, allowing attackers to query the full API schema and discover sensitive…

Graphql Introspection IDOR Broken Access Control
Posted on 2026-01-10 20:00 5 min read

BugForge - Daily - Copy Pasta (Jan 7, 2026)

The CopyPasta application allows users to create and share code snippets with options to make them public or private. The snippet retrieval endpoint…

IDOR Broken Access Control
Posted on 2026-01-07 20:00 4 min read

BugForge - Daily - Cheesy Does It (Dec 29, 2025)

This vulnerability is an Insecure Direct Object Reference (IDOR) caused by missing server-side authorization checks when accessing order data. The…

IDOR
Posted on 2025-12-29 20:00 4 min read
Zw4rts

© 2026 Zw4rts. All rights reserved.