bug-bounty621
facebook431
xss316
google103
rce101
csrf60
microsoft59
web354
account-takeover53
writeup50
apple42
sqli41
cve35
ssrf34
exploit33
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
clickjacking23
smart-contract23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
race-condition15
cloud15
reverse-engineering14
authentication-bypass14
solidity14
oauth12
browser12
info-disclosure12
aws12
sql-injection11
delegatecall11
denial-of-service11
phishing11
web-application-security10
vulnerability9
buffer-overflow9
web-security9
token-theft9
0
bug-bounty
A comprehensive writeup documenting multiple race condition vulnerabilities discovered across major platforms including Cobalt.io, Facebook, Mega, and Keybase, demonstrating how concurrent requests can bypass security controls for unauthorized financial transactions, account confirmations, and resource redemptions. The article includes detailed exploitation techniques and timelines of responsible disclosure across various bug bounty programs.
race-condition
bug-bounty
web-security
concurrency-attack
api-vulnerability
bitcoin-withdrawal
email-confirmation
coupon-abuse
account-takeover
authorization-bypass
csrf
privilege-escalation
Josip Franjković
Cobalt.io
Facebook
Mega.nz
DigitalOcean
Keybase
Starbucks
Medium
LastPass
LetsEncrypt
HackerOne
DefuseSec
w3af
BlueHat
KITCTF