authorization-bypass

8 articles
O3
vulnerability

O3 bridge aggregators are vulnerable to token theft through callproxy parameter manipulation in exactInputSinglePToken(), allowing attackers to impersonate approved users and steal their funds when they've approved the aggregator with non-MAX amounts. The vulnerability affects all O3 aggregators across 10+ chains, though the team disputed the severity citing their frontend's default MAX approval behavior.

O3 O3EthereumUniswapV3Aggregator 0x561f712b4659be27efa68043541876a137da532b 0xC11073e2F3EC407a44b1Cff9D5962e6763F71187 0xdAC17F958D2ee523a2206206994597C13D831ec7 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 0x1337133713371337133713371337133713371337 0xDjango Immunefi Uniswap V3
trust-security.xyz · Trust · 4 hours ago · details

An IDOR vulnerability in Facebook Events allowed attackers to add any user—including non-friends and blocked contacts—as co-hosts to personal events by tampering with the co_hosts parameter in the event creation request. The vulnerability was patched by Facebook and rewarded $750 through their bug bounty program.

Facebook Binit Ghimire Bugreader BurpSuite OWASP ZAP
bugreader.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

An IDOR vulnerability in Facebook Analytics allows users with analyst roles to access private dashboard charts by manipulating the chartID parameter in GraphQL requests, disclosing chart names and data intended only for the dashboard owner. The vulnerability exploits insufficient access control on a sub-option (chart info) within the main dashboard feature.

Facebook Sarmad Hassan AnalyticsChartDeleteMutation AnalyticsStoredAggregationChart
bugreader.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

An IDOR vulnerability in Facebook's video poll feature allows attackers to delete polls from other users' videos by manipulating the deleted_poll_ids parameter in POST requests to the video editing endpoint.

Dan Melamed Facebook Burpsuite
bugreader.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

Researcher Josip Franjković documented multiple race condition vulnerabilities discovered in Facebook, DigitalOcean, and LastPass that allowed attackers to bypass single-action restrictions by sending concurrent requests—including inflating page reviews, creating multiple usernames, and redeeming promo codes multiple times. All bugs were subsequently fixed and disclosed through responsible disclosure timelines.

Facebook DigitalOcean LastPass Josip Franjković GitHub Team Tasteless
josipfranjkovic.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A comprehensive writeup documenting multiple race condition vulnerabilities discovered across major platforms including Cobalt.io, Facebook, Mega, and Keybase, demonstrating how concurrent requests can bypass security controls for unauthorized financial transactions, account confirmations, and resource redemptions. The article includes detailed exploitation techniques and timelines of responsible disclosure across various bug bounty programs.

Josip Franjković Cobalt.io Facebook Mega.nz DigitalOcean Keybase Starbucks Medium LastPass LetsEncrypt HackerOne DefuseSec w3af BlueHat KITCTF
josipfranjkovic.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A researcher discovered a local file inclusion (LFI) vulnerability on Google's production servers at springboard.google.com through directory enumeration and authorization bypass, escalating from an initial auth bypass to full LFI with admin privileges, ultimately earning a $13,337 bounty from Google's Vulnerability Reward Program.

Omar Espino omespino Google springboard.google.com cloudsearch.google.com Google VRP wfuzz domained masscan SecLists ESCAL8 Intigriti HackerOne CVE-2024-1234
omespino.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details

A CSRF vulnerability was discovered in a web application's address deletion feature that lacked CSRF token protection, compounded by a predictable numeric addressId parameter that could be brute-forced via JavaScript to delete arbitrary user addresses. The researcher developed a proof-of-concept that sends hundreds of requests with sequential addressId values from a victim's browser to identify and delete their saved addresses.

Smaran Chand Nittam xyzcompany.com
smaranchand.com.np · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details