Finding Your First Bug: Manual IDOR Hunting (video description, as uploaded to YouTube)
Hi everyone, welcome to the third video in the "Finding Your First Bug" series. In this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out, and finally do a practical example with Burp on a real target.

In this video we'll be talking about IDORs (Insecure Direct Object References), which is a fancy term for "the application didn't check that the logged-in user is actually allowed to access the object an endpoint was asked for". The distinction that matters is authentication versus authorization: the application usually does check that you are logged in; what it fails to check is whether the object named by the id in the URL or request body belongs to you. These are great first bugs: they don't require much technical knowledge, and you can find them with nothing more than Burp by capturing a request under one account, changing the id (or replaying the same request with a second account's session) and comparing the responses.

0:00 - Theory: what is an IDOR and how to find them
8:21 - Case studies: 7 examples of IDORs which have paid out
27:28 - Practical Burp: looking at the Hacker101 CTF level "postbook"

-- Case Studies --
Response program can create bounty table - $500: https://hackerone.com/reports/460920
[IDOR] Deleting other people's tasks - $300: https://hackerone.com/reports/293845
IDOR bug to see hidden slowvote of any user even when you don't have access right - $300: https://hackerone.com/reports/661978
Bypass of my three other reports #267636 + #255894 + #271861 - (IDOR) Ability to see full name associated with other New Relic accounts - $1,500: https://hackerone.com/reports/320173 and https://www.jonbottarini.com/2018/01/...
Replace other user files in Inbox messages - $1,000: https://hackerone.com/reports/322661
Low Privileged user able to add new Geographical settings to the Admin account - $750: https://hackerone.com/reports/420130
Validation message in Bounty award endpoint can be used to determine program balances - $1,500: https://hackerone.com/reports/293299
IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users - $10,500: https://hackerone.com/reports/415081

-- You Should Also Watch --
Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty) - STÖK - • Burp Suite tutorial: IDOR vulnerabili...

-- Social Media --
Twitter: / insiderphd
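The theory section above describes the manual IDOR test: request an object as its owner, re-send the identical request under a second account, and compare. The following is an added example and not code from the video, the Hacker101 CTF or any of the case-study reports. It models a "view post" endpoint in-process (plain Python functions standing in for HTTP handlers, no network) so the pattern can be run offline: the vulnerable handler that only authenticates, the fixed handler that also authorizes, the two-account replay check, and an id sweep. The POSTS table, the user names alice and bob, and the handler names are all constructed for this example.

```python
# Added example (not code from the video or the Hacker101 CTF): an in-process
# model of an IDOR on a "view post" endpoint, its fixed version, and the
# two-account replay test used to find IDORs manually. The POSTS table, the
# user names and the handler names are constructed for this example.
from dataclasses import dataclass
from http import HTTPStatus
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample data: each post is private to its owner.
POSTS: Dict[int, dict] = {
    1: {"owner": "alice", "title": "alice's private note"},
    2: {"owner": "bob", "title": "bob's private note"},
}


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


Handler = Callable[[str, int], Response]


def get_post_vulnerable(session_user: str, post_id: int) -> Response:
    """Authenticates (a session is required) but never authorizes: any
    logged-in user can read any post by supplying its id. This is the IDOR."""
    if not session_user:
        return Response(HTTPStatus.UNAUTHORIZED)
    post = POSTS.get(post_id)
    if post is None:
        return Response(HTTPStatus.NOT_FOUND)
    return Response(HTTPStatus.OK, post)


def get_post_fixed(session_user: str, post_id: int) -> Response:
    """Same endpoint with the missing check: the object must belong to the
    session user. Unknown and foreign ids both get 404 so the endpoint does
    not reveal which ids exist (compare the enumeration leak in the
    'validation message' case study)."""
    if not session_user:
        return Response(HTTPStatus.UNAUTHORIZED)
    post = POSTS.get(post_id)
    if post is None or post["owner"] != session_user:
        return Response(HTTPStatus.NOT_FOUND)
    return Response(HTTPStatus.OK, post)


def replay_as_other_user(handler: Handler, owner: str, attacker: str,
                         object_id: int) -> dict:
    """The manual test from the theory section: make the request as the
    owner (baseline), re-send the identical request with the attacker's
    session, and compare. Same 200 and same body means the id is not being
    authorized. This is what Autorize automates inside Burp."""
    baseline = handler(owner, object_id)
    replay = handler(attacker, object_id)
    return {
        "baseline_status": int(baseline.status),
        "replay_status": int(replay.status),
        "idor": baseline.status == HTTPStatus.OK
        and replay.status == HTTPStatus.OK
        and replay.body == baseline.body,
    }


def readable_ids(handler: Handler, attacker: str,
                 candidate_ids: Iterable[int]) -> List[int]:
    """Sequential ids make the hunt trivial: walk the id space with one
    low-privilege session and list every object it can read."""
    return [i for i in candidate_ids
            if handler(attacker, i).status == HTTPStatus.OK]


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_post_vulnerable),
                          ("fixed", get_post_fixed)):
        print(name, replay_as_other_user(handler, "alice", "bob", 1),
              "bob can read:", readable_ids(handler, "bob", range(1, 4)))
```

Against a real target the two handlers are the same URL hit with two different session cookies from Burp Repeater; the comparison logic is unchanged. The fixed handler deliberately returns 404 rather than 403 for someone else's object, because a distinct "forbidden" response still confirms that the id exists and lets an attacker map the id space even when the data itself is protected.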