5/10
bug-bounty
A bug bounty finding demonstrating a 2FA bypass via forced browsing: by directly accessing an unprotected signup endpoint (/_ajax/signup instead of /_api/signup/verify) and modifying the API request to include a password field, an account can be created without OTP verification.
2fa-bypass
forced-browsing
authentication-bypass
api-endpoint-manipulation
otp-bypass
email-verification-bypass
burp-suite
web-application-security
account-creation-vulnerability
Akhil
Burp Suite
HackerOne
Bugcrowd