bug-bounty (405)
google (392)
xss (350)
microsoft (305)
facebook (274)
apple (184)
exploit (182)
rce (174)
malware (136)
cve (107)
account-takeover (94)
csrf (86)
browser (85)
writeup (69)
privilege-escalation (66)
phishing (61)
dos (60)
react (59)
supply-chain (56)
bragging-post (55)
authentication-bypass (54)
cloudflare (51)
node (51)
ssrf (49)
aws (48)
docker (48)
access-control (46)
smart-contract (45)
reverse-engineering (45)
web3 (44)
ethereum (43)
defi (42)
pentest (41)
oauth (41)
sql-injection (40)
lfi (35)
idor (35)
race-condition (33)
info-disclosure (33)
smart-contract-vulnerability (32)
cloud (31)
buffer-overflow (30)
auth-bypass (29)
wordpress (29)
clickjacking (29)
solidity (27)
subdomain-takeover (27)
vulnerability-disclosure (25)
web-application (24)
sqli (23)
0
6/10
bug-bounty
A critical IDOR vulnerability discovered through accidental observation of different URL parameter flows in a change-password endpoint, allowing unauthorized access to other users' accounts and subsequent email modification for account takeover.
idor
broken-access-control
account-takeover
parameter-fuzzing
authentication-bypass
bug-bounty
web-application
Harsh Bothra
OWASP TOP 10
targetsub.com
0
7/10
bug-bounty
A site-wide CSRF vulnerability was discovered on a popular program where the backend accepted form-encoded payloads (application/x-www-form-urlencoded) despite expecting JSON, because the server failed to strictly validate the Content-Type header. The attacker bypassed the false assumption that JSON-only handling would prevent CSRF by sending traditional form-based CSRF payloads.
csrf
content-type-validation
json-parsing
broken-access-control
bug-bounty
web-security
api-security
Ajinkya Pathare