#IDOR

13 posts

BugForge - Daily - Ottergram (Feb 28, 2026)

The Ottergram application contains an HTTP Verb Tampering vulnerability combined with an Insecure Direct Object Reference (IDOR) flaw in its comment…

Broken Access Control IDOR HTTP Verb Tampering
Posted on 2026-02-28 19:00 5 min read

BugForge - Daily - Gift Lab (Feb 19, 2026)

The Gift Lab application contains an Insecure Direct Object Reference (IDOR) vulnerability in its list sharing functionality. The application generates…

Broken Access Control IDOR
Posted on 2026-02-19 19:00 4 min read

BugForge - Daily - Cafe Club (Feb 8, 2026)

This challenge exploits an Insecure Direct Object Reference (IDOR) vulnerability in the profile password update functionality. The application includes the…

IDOR
Posted on 2026-02-08 19:00 4 min read

BugForge - Daily - Ottergram (Jan 31, 2026)

The Ottergram application contains an Insecure Direct Object Reference (IDOR) vulnerability in its profile update functionality. While the application…

IDOR Broken Access Control
Posted on 2026-01-31 20:00 4 min read

BugForge - Daily - Tanuki (Jan 27, 2026)

This challenge demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in the profile update functionality. The application passes the username…

IDOR Broken Access Control
Posted on 2026-01-27 20:00 4 min read

BugForge - Daily - Copy Pasta (Jan 21, 2026)

This issue is a classic example of broken access control caused by trusting user-supplied object identifiers. A password reset endpoint accepts a userId…

Broken Access Control IDOR
Posted on 2026-01-21 20:00 4 min read

BugForge - Daily - Ottergram (Jan 17, 2026)

This walkthrough demonstrates how an Insecure Direct Object Reference (IDOR) can surface in real-time features by moving beyond basic HTTP endpoints and…

Web Sockets IDOR
Posted on 2026-01-17 19:25 3 min read

BugForge - Daily - Sokudo (Jan 15, 2026)

This challenge demonstrates how legacy API endpoints can introduce critical security vulnerabilities when not properly deprecated or secured. The application…

API Versioning Broken Authentication IDOR JWT Manipulation
Posted on 2026-01-15 20:40 5 min read

BugForge - Daily - Copy Pasta (Jan 14, 2026)

After registering a standard user, the application was mapped to understand how snippets are created and managed, with a focus on how snippet IDs are handled…

IDOR
Posted on 2026-01-14 19:48 3 min read

BugForge - Daily - Tanuki (Jan 13, 2026)

This challenge demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in the Tanuki flashcard application's statistics API endpoint. After…

IDOR
Posted on 2026-01-13 20:40 5 min read

BugForge - Daily - Ottergram (Jan 10, 2026)

The application exposes a GraphQL API with introspection enabled in production, allowing attackers to query the full API schema and discover sensitive…

GraphQL Introspection IDOR Broken Access Control
Posted on 2026-01-10 20:00 5 min read

BugForge - Daily - Copy Pasta (Jan 7, 2026)

The CopyPasta application allows users to create and share code snippets with options to make them public or private. The snippet retrieval endpoint…

IDOR Broken Access Control
Posted on 2026-01-07 20:00 4 min read

BugForge - Daily - Cheesy Does It (Dec 29, 2025)

This vulnerability is an Insecure Direct Object Reference (IDOR) caused by missing server-side authorization checks when accessing order data. The…

IDOR
Posted on 2025-12-29 20:00 4 min read
Zw4rts

© 2026 Zw4rts. All rights reserved.