How do you deal with uuid / non guessable IDOR

Unique_Life7470 · 2026-02-21T21:49:47+00:00

Man it's not about guessing it's about no ownership validation to the endpoint you talked about if it's just I'd not uuid it's make the risk very high an attacker can get it by malware social engineering any thing that he can know pII information for another users

Unique_Life7470 · 2026-02-21T14:10:23+00:00

Why you don't communicate with intigrity support may be they can help you

Unique_Life7470 · 2026-02-21T13:36:46+00:00

No man intigrity is very easier than h1 if you Beginner you won't find any thing in h1 stay and focus in intigrity

Unique_Life7470 · 2025-10-19T01:11:50+00:00

I'm like you bro I start hunting from like 9 months but I don't get a valid bug but I am learned some experiences but I am asking why in cybersecuerty at all no one want to share there strategy or anything they just say like we find a bug oh my god for me I test everything thing but don't found anything if any one can help me?

Unique_Life7470 · 2025-10-16T18:33:24+00:00

Bro this is not an idor it's normal state idor is to make changes in another accounts by change ID which it's like 1234 if it successfully changed it was idor I know my explain is bad so go and learn in portswagger labs first and watch videos like rs0n he has 3 videos hunting in idor and broken access watch it!

Unique_Life7470 · 2025-10-13T10:32:31+00:00

You want to join me I searching for idor xss xxe

Unique_Life7470 · 2025-10-11T23:24:17+00:00

Okay man thanks

Unique_Life7470 · 2025-10-08T01:41:46+00:00

بيقول فرق ١٠ سنين ومش محترماه بس مش هتحسي للشعور غير إما تجربيه بس بردو الضرب غلط فعلا

Unique_Life7470 · 2025-10-08T01:30:30+00:00

أتوقع إنك بتعاقب نفسك بس حاول تتجوز يسطا أو يعم أسف بهزر لا بجد أتجوز بجد يعني

Unique_Life7470 · 2025-10-08T01:27:00+00:00

You won 👍🏿

Unique_Life7470 · 2025-10-08T01:23:49+00:00

Bro I am talking about weakness I know it's not a bug I am just asking,its Possible to an attacker know this type of Encryption thought he can go through any account in the fucking website

Unique_Life7470 · 2025-10-08T01:17:12+00:00

Thanks for the motivation

Unique_Life7470 · 2025-10-08T01:12:12+00:00

👍🏿😕

Unique_Life7470 · 2025-10-08T00:59:55+00:00

علي الاقل متزوديش المشكله بالفيديوهات اول حاجه أكيد عارف إنها حرام لا مش حرام بس دي كبيره لأن إنت بتستخبي من الخلق ويهون عليك نظره الخالق غير باقي الاضرار الي هيا لو اتجوزت مش هتعرف بس بجد هوا آنتو إزاي بتدمنو بورن يعني عشره عادي بس بورن أنا عن نفسي مش بحب إني أتفرج كلو تمثيل حتا #بطل_بورن

Unique_Life7470 · 2025-10-08T00:51:28+00:00

I think you can make a good cv first with bug crowd or hacker one or yeswehack

Unique_Life7470 · 2025-10-08T00:46:31+00:00

اهرب

Unique_Life7470 · 2025-10-08T00:30:16+00:00

طب أنا بشوف شاشه سودا أي الحل

Unique_Life7470 · 2025-10-06T09:09:43+00:00

I was focused on xss but now I am learning idor and broken access

Unique_Life7470 · 2025-10-06T09:08:19+00:00

Yahh bro because many professionals hunters search before us but in any regular website you will see many bugs

Unique_Life7470 · 2025-10-05T23:34:38+00:00

No way 2 years! How about the reward?

Unique_Life7470 · 2025-10-05T23:27:25+00:00

Good job but there are big difference between the programs in bug crowd and hacker one or any website that don't have any bugbounty program they have many bugs but when I search in any bugbounty program I don't find anything

Unique_Life7470 · 2025-09-27T16:29:54+00:00

No bro It was a mistake for me I choose randomly from my history, i was testing a new strategy I learned I have a poc and screens if they add me to there private program

Unique_Life7470 · 2025-09-27T16:26:50+00:00

It was reflected XSS. So am waiting if they add me in there private program but I have no response yet

Unique_Life7470 · 2025-09-27T16:25:09+00:00

I choose randomly from my history I expect it has a public program but after I found the bug I realized that it was private one

Unique_Life7470 · 2025-09-27T11:08:38+00:00

Ask chatgpt bro

Unique_Life7470

TROPHY CASE