bug-bounty473
google371
microsoft318
facebook271
xss267
rce184
apple178
malware177
exploit165
cve122
account-takeover110
bragging-post102
phishing85
csrf85
privilege-escalation83
browser71
supply-chain69
stored-xss65
authentication-bypass64
dos64
react58
reflected-xss57
cloudflare52
reverse-engineering50
access-control48
node48
input-validation48
aws48
cross-site-scripting48
writeup47
docker46
ssrf45
smart-contract45
ethereum44
web-security43
sql-injection43
defi43
web343
oauth41
web-application41
lfi38
info-disclosure37
pentest37
race-condition37
idor35
burp-suite35
auth-bypass35
vulnerability-disclosure34
cloud34
html-injection33
0
8/10
bug-bounty
A researcher discovered a critical code injection vulnerability in a custom JavaScript-based macro language (Banan++) through an unsafe eval() call in the Union() function, which allowed execution of arbitrary JavaScript on the server. By injecting fetch() calls through an API parameter, they exploited this to extract AWS credentials and achieve complete account compromise (20 S3 buckets and 80 EC2 instances).
ssrf
code-injection
eval
javascript
aws-credentials
account-takeover
custom-dsl
server-side-javascript
nodejs
fetch-api
bug-bounty
privilege-escalation
ArticMonkey
Banan++
Gwendal Le Coguic
Hackerone
AWS
ReactJS
NodeJS