Lecture 12 - Introduction to Broken Access Control Vulnerabilities

Broken Access Control slides.pdf

The next bug or vulnerability that we're going to cover is Broken Access Control.

According to the OWASP Top 10 list, this is the most common security threat out there, with 94% of the websites tested being vulnerable to some form of broken access control.

Broken access control is actually a really large category that contains a number of subcategories, such as path traversal vulnerabilities, CSRF, IDOR and more.

It's basically a general term that encapsulates any bug or vulnerability that allows you to access or modify data beyond your limits or permissions.

A simple example would be being able to access or modify data that does not belong to you but to a different user.
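As an added illustration (not part of the lecture or its slides), here is the bug in its most common shape: a handler that looks up a record purely by the client-supplied id, next to the same handler with an object-level ownership check. The in-memory `DOCS` store, the user names and the document ids are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample data: two users, each owning one private document.
DOCS = {
    101: Document(101, "alice", "alice's private notes"),
    102: Document(102, "bob", "bob's private notes"),
}


class Forbidden(Exception):
    """Raised when the authenticated user may not touch the requested object."""


def get_document_vulnerable(current_user: str, doc_id: int) -> Document:
    """Broken access control (IDOR): the record is fetched by the id the client
    sent, and nothing ties that record back to the authenticated user."""
    return DOCS[doc_id]


def get_document_secure(current_user: str, doc_id: int) -> Document:
    """Same lookup with an object-level check: the caller must own the record.
    A missing record and a record owned by someone else raise the same error,
    so the response does not reveal which ids exist."""
    doc = DOCS.get(doc_id)
    if doc is None or doc.owner != current_user:
        raise Forbidden(f"{current_user} may not access document {doc_id}")
    return doc


def update_document_secure(current_user: str, doc_id: int, new_body: str) -> Document:
    """Modification goes through the same ownership check as reading."""
    doc = get_document_secure(current_user, doc_id)
    doc.body = new_body
    return doc


def is_denied(current_user: str, doc_id: int) -> bool:
    """Helper for checking the secure path: True when access is refused."""
    try:
        get_document_secure(current_user, doc_id)
    except Forbidden:
        return True
    return False
```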

Platforms like Uber, GitHub and Shopify were vulnerable to such vulnerabilities, and they paid anything between 500 and tens of thousands of dollars to the hunters who discovered them; obviously, the amount of the bounty depended on the impact and severity of the bug.
