Gone in a Click: IDOR Vulnerabilities in Image Upload Function

Insecure Direct Object Reference (IDOR)

I mostly do bug hunting on weekends. While hunting on one program, let's call it redacted.com, I found 3–4 IDOR vulnerabilities within three hours, leading to full account takeover (I will write about the account takeover in detail later). Here is how I approached discovering them: after creating an account, I started looking for vulnerabilities by going through the website's features and functionality.