A researcher discovered a critical IDOR vulnerability in an e-commerce platform's address book functionality that allowed account takeover by manipulating user ID parameters in API requests, which was discovered after exploiting a stored XSS in the same feature.
A bug bounty writeup demonstrating unrestricted file upload leading to RCE by bypassing extension filters through MIME type manipulation in GET parameters, chaining with PUT requests, and exploiting alternative PHP extensions (phps, php3, php5) that bypass .php filtering to execute arbitrary code.
A researcher bypassed file upload restrictions by manipulating MIME type parameters in GET/PUT requests, ultimately achieving RCE through uploading a PHP backdoor with an alternative extension (php5/php7) after initial PNG/JPG restrictions were enforced.