- Portswigger Access Control
- Broken Access Control on samsung.com subdomain leads to Mass Account Takeover of Samsung employees application accounts
- Misconfigured S3 Bucket Access Controls to Critical Vulnerability
- Dank Writeup On Broken Access Control On An Indian Startup
- Complete information disclosure using Broken Access Control
- Tale of account takeover — Sensitive info Disclosure + Broken Access Control
- Missing access control at play store
- Responsible disclosure: improper access control in Gitlab private project.
- Turning Self XSS to good XSS via access control
- Bypassing Access Control in a Program on Hackerone !!
- [Twitter Bug Bounty] Misconfigured JSON endpoint on ads.twitter.com lead to Access control issue and Information Disclosure of role privileged users.
- Broken Access Control in bingmapsportal !!!