PentesterLand

143 posts

@PentesterLandEn

WNMC Penetration Tester RedTeamer BugHunter

Joined February 2024
78 Following 3.7K Followers
Pinned Tweet
PentesterLand@PentesterLandEn·
I love Bug Bounty because it has helped me get everything I desire and build them myself #bugbounty_results
PentesterLand@PentesterLandEn·
To join the class and register, send a message on Telegram to: pentesterland_supporter
PentesterLand@PentesterLandEn·
Tomorrow at 6:00 PM UAE time, this class will begin. The goal is to teach all possible topics from foundational to advanced levels, turn them into a customized methodology, and ultimately apply them to high-value targets and public bug bounty platforms. #pentest #bugbounty
PentesterLand@PentesterLandEn·
@Fabrikat0r To join the class and register, send a message on Telegram to: pentesterland_supporter
PentesterLand@PentesterLandEn·
@TheMsterDoctor1 18. Int to float 19. Reservation second-order IDOR. I recorded both scenarios on real targets, with chaining by second-order attacks, on the YouTube channel.
X@TheMsterDoctor1·
# Insecure Direct Object Reference (IDOR)

## **Introduction**

IDOR stands for Insecure Direct Object Reference, a security vulnerability in which a user is able to access and make changes to data of any other user present in the system.

## **How to Find**

1. Add parameters onto the endpoints. For example, if there was
```
GET /api/v1/getuser
[...]
```
Try this to bypass
```
GET /api/v1/getuser?id=1234
[...]
```

2. HTTP Parameter pollution
```
POST /api/get_profile
[...]
user_id=hacker_id&user_id=victim_id
```

3. Add .json to the endpoint
```
GET /v2/GetData/1234
[...]
```
Try this to bypass
```
GET /v2/GetData/1234.json
[...]
```

4. Test on outdated API versions
```
POST /v2/GetData
[...]
id=123
```
Try this to bypass
```
POST /v1/GetData
[...]
id=123
```

5. Wrap the ID with an array.
```
POST /api/get_profile
[...]
{"user_id":111}
```
Try this to bypass
```
POST /api/get_profile
[...]
{"id":[111]}
```

6. Wrap the ID with a JSON object
```
POST /api/get_profile
[...]
{"user_id":111}
```
Try this to bypass
```
POST /api/get_profile
[...]
{"user_id":{"user_id":111}}
```

7. JSON Parameter Pollution
```
POST /api/get_profile
[...]
{"user_id":"hacker_id","user_id":"victim_id"}
```

8. Try to decode the ID, if the ID is encoded using md5, base64, etc.
```
GET /GetUser/dmljdGltQG1haWwuY29t
[...]
```
dmljdGltQG1haWwuY29t => victim@mail.com

9. If the website is using GraphQL, try to find IDOR using GraphQL!
```
GET /graphql
[...]
```
```
GET /graphql.php?query=
[...]
```

10. MFLAC (Missing Function Level Access Control)
```
GET /admin/profile
```
Try this to bypass
```
GET /ADMIN/profile
```

11. Try to swap uuid with number
```
GET /file?id=90ri2-xozifke-29ikedaw0d
```
Try this to bypass
```
GET /file?id=302
```

12. Change HTTP Method
```
GET /api/v1/users/profile/111
```
Try this to bypass
```
POST /api/v1/users/profile/111
```

13. Path traversal
```
GET /api/v1/users/profile/victim_id
```
Try this to bypass
```
GET /api/v1/users/profile/my_id/../victim_id
```

14. Change request content type
```
Content-type: application/xml
```
Try this to bypass
```
Content-type: application/json
```

15. Send wildcard instead of ID
```
GET /api/users/111
```
Try this to bypass
```
GET /api/users/*
```

16. Try Google dorking to find new endpoints

Reference:
- [@swaysThinking](x.com/swaysthinking) and other Medium writeups
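A server-side counterpart to the request-shape variations listed in the post above, added here as an example and not taken from any post on this page: the handler accepts exactly one plain integer `user_id`, refuses duplicated, wrapped, float or wildcard values instead of coercing them, and takes the ownership decision from the session. The names `extract_user_id`, `is_allowed` and `RejectRequest` are hypothetical.

```python
import json
from urllib.parse import parse_qsl


class RejectRequest(Exception):
    """Ambiguous request shape, or the caller does not own the object."""


def _unique_keys(pairs):
    # json.loads silently keeps the last duplicate key; refuse the document instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise RejectRequest(f"duplicate JSON key {key!r}")
        obj[key] = value
    return obj


def extract_user_id(query_string="", json_body=None):
    """Return the one integer user_id carried by the request, or raise."""
    found = [v for k, v in parse_qsl(query_string, keep_blank_values=True)
             if k == "user_id"]
    if json_body is not None:
        try:
            doc = json.loads(json_body, object_pairs_hook=_unique_keys)
        except ValueError as exc:
            raise RejectRequest("malformed JSON") from exc
        if not isinstance(doc, dict):
            raise RejectRequest("JSON body must be an object")
        if "user_id" in doc:
            found.append(doc["user_id"])
    if len(found) != 1:
        raise RejectRequest("expected exactly one user_id")
    value = found[0]
    # Arrays, nested objects, floats and booleans are refused, not coerced.
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise RejectRequest("user_id must be a plain integer")
    text = str(value)
    if not (text.isascii() and text.isdigit()):
        raise RejectRequest("user_id must be decimal digits")
    return int(text)


def is_allowed(session_user_id, query_string="", json_body=None):
    """Ownership decision taken from the session, never from the request alone."""
    try:
        return extract_user_id(query_string, json_body) == session_user_id
    except RejectRequest:
        return False
```

The same check has to sit behind every HTTP method, content type and API version that reaches the object, otherwise an older or alternate route skips it.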
PentesterLand@PentesterLandEn·
To register, enjoy the conditions and receive a section of the previous course (bonus of the @HackwithIndiaa live), you can send a message to the following address on Telegram: pentesterland_supporter #BugBounty #Pentest #redteam
PentesterLand@PentesterLandEn

A Broken Access Control scenario no one has talked about before. Not a recycled bug. Not a misconfiguration. A new access control logic pattern with real exploitation impact. 🔥 Watch: youtu.be/X3oj-nx6580?si… #bugbountytips #bugbountytip #bugbounty

Rock Pratap Singh (Rocksec)🇮🇳@Rockpratapsingh·
Radhe Radhe 🙏 2025 ends with a bang—350+ valid bugs reported, tons learned, and good $$ earned! Hope you crushed your goals or stayed in the grind. Lessons from 2025 will make 2026 10x better! Wishing everyone growth, consistency, and success. Happy Hunting! #BugBounty
PentesterLand@PentesterLandEn·
I created a writeup post in my language, but if you add a comment on this post on Instagram it will be sent to your direct messages and you can use translation to change it to your language. Just add a comment on this post and check your : instagram.com/reel/DSXVKl7Do… #bugbountytips #BugBounty
PentesterLand@PentesterLandEn

I earned $10,000 for my submission on @bugcrowd #ItTakesACrowd Extra bounty When the target pays more than the bounty amount, I’m like this: Do not miss the last video on YouTube channel: PentesterLandEn instagram.com/reel/DS1lHg7iC…

PentesterLand@PentesterLandEn·
@Mohamme31752968 @codingo_ This raises a fundamental question: as Bugcrowd users, did we ever explicitly accept or even have visibility into Trolley’s policies? If these matters are problematic or non-compliant, why has the system been operating for years, only to result in sudden bans without warning?
PentesterLand@PentesterLandEn·
@Mohamme31752968 @codingo_ The same issue happened to me as well. Without any prior warning or notification or any indication, I was suddenly blocked. What’s particularly concerning is that Bugcrowd stated they are unable to resolve this issue and explicitly mentioned that responsibility lies with Trolley.
Muhammed Mubarak@Mohamme31752968·
Hey #Bugcrowd @codingo_ community, I really need your help. My payment profile was recently blocked after being flagged for a payment issue. When I first started, I didn’t have my own bank account, so I used my cousin’s bank account. It was accepted by the system. #bugbountytips
s@hshagshsu·
@PentesterLandEn Congratulations! By the way, when is your secret new broken access control technique video, which you mentioned, coming?
PentesterLand@PentesterLandEn·
@SirBagoza TnQ, but it wasn't that rare. Of course, it's much less common than a normal IDOR, but because of its 100% chance of being triaged, its output in terms of bounty amount was much higher than an IDOR. Just know about the application and the relationship between functions and objects.
/usr/bin/fares@SirBagoza·
A good one! But this may happen in a veryyyyyyy rare case, I guess, due to the ownership of this id and other user. This actually requires a previous kind of mass assignment that allows you to control the id value in the request.
PentesterLand@PentesterLandEn

A Broken Access Control scenario no one has talked about before. Not a recycled bug. Not a misconfiguration. A new access control logic pattern with real exploitation impact. 🔥 Watch: youtu.be/X3oj-nx6580?si… #bugbountytips #bugbountytip #bugbounty
