7/10
vulnerability
Ribose had an IDOR vulnerability allowing attackers to delete or modify other users' profile photos by simply changing the user ID in DELETE/POST requests while reusing their own valid CSRF token and session, effectively bypassing authorization checks.
idor
csrf
authorization-bypass
session-management
profile-photo
account-takeover
unrestricted-deletion
unrestricted-upload
Ribose