bragging-post

7 articles
Sort: New Top Best
clear filter
bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10
0 5/10
How I bypassed 2fa in a 3 years old private program!
bug-bounty

Researcher bypassed 2FA on a private program by discovering that the 2FA verification endpoint did not validate the Google Captcha header (unlike the login endpoint), allowing brute-force of TOTP codes within the 59-second window using 888 threads in Burp Intruder.

2fa-bypass totp-brute-force authentication captcha-bypass rate-limiting burp-suite google-authenticator bragging-post
Google Authenticator Burp Pro Turbo Intruder
shivangx01b.github.io · kh4sh3i/bug-bounty-writeups · 4 hours ago · details
0 3/10
OpenZeppelin
bragging-post

Security researcher's portfolio showcasing multiple critical vulnerability disclosures in DeFi and NFT smart contracts, primarily focused on proxy vulnerabilities (UUPS), uninitialized logic contracts, and access control issues that collectively protected over $50M in TVL. While demonstrating significant impact, the article lacks technical depth and primarily lists findings with references to external postmortems rather than detailed exploitation methodology.

smart-contract-security bug-bounty defi-vulnerabilities proxy-vulnerabilities uups-proxy delegatecall access-control uninitialized-variables arbitrary-delegatecall selfdestruct token-theft erc20 mint-function bragging-post
OpenZeppelin 88mph Polygon KeeperDAO Rivermen NFT iosiro Immunefi Alchemix Ondo Finance pxMythics abwagmi AxonsToken Code4rena yAcademy Curve Finance Ashiq Amien Dedaub
ashiq.co.za · Ashiq Amien · 4 hours ago · details
0 2/10
abwagmi
bragging-post

Portfolio page showcasing multiple critical smart contract vulnerabilities disclosed across DeFi protocols, including UUPS proxy initialization flaws, access control bypasses, and token theft vectors. While listing numerous bug bounty successes (>$6.5m rescued), it provides minimal technical depth and primarily serves as credentials summary.

smart-contract-vulnerability defi bug-bounty access-control proxy-vulnerability delegatecall uups-proxy token-theft arbitrary-code-execution uninitialized-contract bragging-post vulnerability-disclosure
88mph Polygon KeeperDAO Rivermen NFT OpenZeppelin abwagmi AxonsToken pxMythics Alchemix Ondo Finance Code4rena Immunefi iosiro Hack South YesWeHack BSides Cape Town Damn Vulnerable DeFi yAcademy TrustX Curve Finance
ashiq.co.za · Ashiq Amien · 4 hours ago · details
0 2/10
Polygon
bragging-post

A portfolio page showcasing multiple critical smart contract vulnerability disclosures across DeFi protocols (88mph, Polygon, KeeperDAO, Alchemix, Ondo Finance) and bug bounty wins totaling over $6.5M in rescued funds, with brief technical descriptions of UUPS proxy exploits, access control flaws, and token theft vulnerabilities.

bug-bounty smart-contract defi vulnerability-disclosure proxy-contract access-control uups-proxy delegatecall nft token-theft denial-of-service uninitialized-contract arbitrary-code-execution solidity bragging-post
88mph Polygon KeeperDAO Rivermen NFT OpenZeppelin abwagmi AxonsToken pxMythics Alchemix Ondo Finance Code4rena yAcademy Immunefi iosiro BSides Cape Town Underhanded Solidity Contest Curve Finance
ashiq.co.za · Ashiq Amien · 4 hours ago · details
0 2/10
pxMythics
bug-bounty

Portfolio page showcasing multiple critical smart contract vulnerabilities disclosed across DeFi/NFT protocols, including access control flaws, uninitialized UUPS proxies enabling arbitrary delegatecalls, and broken token transfer functions. Author details bounty payouts and rescued funds across 88mph, Polygon, KeeperDAO, and other projects, with limited technical depth on each vulnerability.

smart-contract-vulnerability access-control defi proxy-vulnerabilities uups-proxy delegatecall bug-bounty vulnerability-disclosure solidity nft token-theft dos uninitialized-proxy arbitrary-delegatecall selfdestruct bragging-post
pxMythics 88mph Polygon KeeperDAO Rivermen NFT OpenZeppelin abwagmi AxonsToken Alchemix Ondo Finance Code 4rena Immunefi iosiro Damn Vulnerable DeFi Decently Safe DeFi yAcademy Curve Finance BSides Cape Town Dedaub Ashiq Amien
ashiq.co.za · Ashiq Amien · 4 hours ago · details
0 1/10
-
bragging-post

A portfolio/services page by security auditor Kiki showcasing 50+ smart contract audits and 15+ bug bounties across DeFi protocols, with client testimonials and links to published audit reports, primarily for lending/staking/perpetual trading protocols.

bragging-post smart-contract-audit defi bug-bounty security-research
Kiki Enigma Dark Bail Security Guardian Audits Stable Jack Gloop Hyperdrive Camelot Silo Finance Arrakis Finance Ambit Finance GMX Synthetix Orderly Umami EigenLayer
github.com · Kiki · 4 hours ago · details
0 1/10
36k Google app engine RCE
bragging-post

A brief mention of a $36,000 bug bounty for a remote code execution vulnerability in Google App Engine, but with no technical details provided.

bragging-post rce google-app-engine bug-bounty
Google Google App Engine
sites.google.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago · details