5/10
bug-bounty
A bug bounty finding demonstrating a 2FA bypass via forced browsing: directly accessing an unprotected signup endpoint (/_ajax/signup instead of /_api/signup/verify) and modifying the API request to include the password field allows account creation without OTP verification.
2fa-bypass
forced-browsing
authentication-bypass
api-endpoint-manipulation
otp-bypass
email-verification-bypass
burp-suite
web-application-security
account-creation-vulnerability
Akhil
Burp Suite
HackerOne
Bugcrowd