IDOR

3 articles

Browse all articles about IDOR. Explore expert insights and research from the Shinobi team.

One Parameter to Rule Them All: How a User Flaw Unlocked an Admin Fortress

How Shinobi exploited a single vulnerable parameter in an EV charging platform to cross security boundaries and gain full administrative access.

Abhishek Gehlot

2025-10-06

9 min read

IDOR

Authorization

The Ghost in the API: How Shinobi Turned a Single Flaw into Super Admin Access

A journey through an IoT platform where learning from rejection led to uncovering a complete authorization breakdown and a hidden Super Admin account.

Abhishek Gehlot

2025-10-06

10 min read

IDOR

Data Privacy

More Than an Invoice: How Shinobi Averted a Child Safety Crisis

How an AI pentester turned a routine test on a holiday camp booking app into the prevention of a serious child safety and data privacy incident by uncovering a critical IDOR vulnerability.

Abhishek Gehlot

2025-10-06

8 min read