Broken Access Control — Beyond The Basics

Thexssrat
7 min read · Jul 8, 2021

Introduction

In this article I will be going over Broken Access Control (BAC), which also includes IDOR. Some might see this as a separate issue type, but in reality IDORs are simply another form of BAC.

BAC is a beautiful issue type and I think it’s often overlooked in bug bounties, but you have to pick the right target, of course! Your target needs at least:

  • To let you create accounts or to give you accounts
  • Different privilege levels
  • Direct object references for…
