7/10
A researcher chained improper authorization with a race condition to harvest credit card details from an e-commerce checkout page. By rapidly sending multi-threaded requests to a checkout URL while a victim submitted their payment information, the attacker could receive server responses containing full credit card and personal details before the redirect, bypassing the need for form submission errors.
race-condition
improper-authorization
information-disclosure
credit-card-data-leakage
checkout-vulnerability
logic-flaw
multi-threaded-attack
server-side-validation-bypass
session-handling-flaw
Mandeep Jadon
Burp Intruder