8/10
A reflected XSS vulnerability in a URL parameter was chained with multiple design flaws (tokens stored in localStorage, lack of token revocation across devices, authorization via headers instead of cookies) to achieve persistent account takeover by stealing and replaying Cognito refresh tokens. The attacker could silently exfiltrate authentication tokens while clearing localStorage to make the victim believe they were logged out.
xss
reflected-xss
account-takeover
ato
session-hijacking
token-theft
local-storage
authorization-header
amazon-cognito
javascript-injection
url-parameter-injection
multi-device-session-management
bug-bounty
vulnerability-chaining
Amazon Cognito
Milind Purswani
Yash Sodha
Angular