bug-bounty (497)
xss (257)
rce (136)
google (132)
bragging-post (117)
account-takeover (107)
facebook (101)
microsoft (101)
privilege-escalation (87)
authentication-bypass (83)
csrf (83)
malware (82)
open-source (82)
stored-xss (75)
cve (69)
exploit (67)
access-control (67)
web-security (64)
ai-agents (64)
reflected-xss (63)
apple (62)
phishing (58)
input-validation (53)
sql-injection (50)
cross-site-scripting (49)
smart-contract (48)
defi (48)
api-security (47)
ethereum (45)
ssrf (44)
reverse-engineering (44)
information-disclosure (43)
privacy (41)
web-application (39)
tool (38)
vulnerability-disclosure (38)
dos (38)
burp-suite (37)
writeup (37)
cloudflare (36)
automation (35)
responsible-disclosure (34)
opinion (34)
web3 (34)
llm (34)
smart-contract-vulnerability (33)
idor (33)
html-injection (33)
ai-security (33)
race-condition (32)
bug-bounty
A bug bounty researcher demonstrates an account takeover vulnerability combining stored XSS, information disclosure (API-key leakage via group-chat endpoints), and JSON-based CSRF via XMLHttpRequest to escalate from a low-privilege user to an admin account takeover. The attack exploited the lack of CSRF protection on API endpoints that relied solely on API-key validation.
csrf
json-based-csrf
account-takeover
api-security
cors-misconfiguration
information-disclosure
xss
stored-xss
api-key-leakage
privilege-escalation
bug-bounty
bragging-post
shub rathore
sil3nt_4unt3r
HackerOne
Bugcrowd