api-vulnerability

3 articles

Sort: New Top Best

bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10

Attacking helpdesk RCE chain on deskpro with bitdefender

vulnerability

Research demonstrating a complete RCE attack chain on DeskPro helpdesk software through multiple chained vulnerabilities: insufficient API access control (leaking JWT secrets and admin config), and insecure deserialization in the template editor. The exploit was demonstrated against Bitdefender's support center, achieving remote code execution from an unauthenticated user registration.

rce remote-code-execution helpdesk deskpro access-control insufficient-access-control api-vulnerability insecure-deserialization privilege-escalation jwt authentication-bypass template-injection twig php-deserialization pop-gadgets credential-exposure email-credentials ticket-system on-premise self-hosted

CVE-2020-11465 CVE-2020-11463 CVE-2020-11466 CVE-2020-11464 CVE-2020-11467 DeskPro Bitdefender osTicket Kayako PHP Live! Freelancer Inc Redforce Web Security

blog.redforce.io · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

Airbnb chaining third party open redirect into SSRF via liveperson chat

vulnerability

Researchers discovered an SSRF vulnerability on Airbnb by chaining a third-party open redirect in LivePerson's chat integration, leveraging automated JavaScript endpoint discovery and LivePerson's visitorWantsToChat API parameter to redirect internal API requests to attacker-controlled URLs. Additionally, relative path traversal via encoded backslashes in the path parameter enabled access to non-API endpoints on the LivePerson domain.

ssrf open-redirect server-side-request-forgery path-traversal api-vulnerability third-party-integration liveperson javascript-reconnaissance endpoint-discovery vulnerability-chaining

Airbnb LivePerson Ben Sadeghipour Brett Buerhaus

buer.haus · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

Race condition on web

bug-bounty

A comprehensive writeup documenting multiple race condition vulnerabilities discovered across major platforms including Cobalt.io, Facebook, Mega, and Keybase, demonstrating how concurrent requests can bypass security controls for unauthorized financial transactions, account confirmations, and resource redemptions. The article includes detailed exploitation techniques and timelines of responsible disclosure across various bug bounty programs.

race-condition bug-bounty web-security concurrency-attack api-vulnerability bitcoin-withdrawal email-confirmation coupon-abuse account-takeover authorization-bypass csrf privilege-escalation

Josip Franjković Cobalt.io Facebook Mega.nz DigitalOcean Keybase Starbucks Medium LastPass LetsEncrypt HackerOne DefuseSec w3af BlueHat KITCTF

josipfranjkovic.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details