Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover

zere.es · bugbountydaily · 6 months ago
Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were unexploitable and had no real impact. However, when chained together, I was able to demonstrate Account Takeover.