bug-bounty450
google358
microsoft315
facebook265
xss239
apple181
malware172
rce149
exploit131
bragging-post101
cve99
account-takeover93
phishing82
csrf79
privilege-escalation77
stored-xss64
supply-chain64
authentication-bypass62
dos60
reflected-xss57
browser56
react50
cloudflare49
reverse-engineering48
input-validation48
cross-site-scripting47
access-control47
docker46
smart-contract45
node45
aws45
web344
ethereum43
sql-injection42
defi42
web-security40
ssrf40
web-application39
burp-suite35
idor34
vulnerability-disclosure34
info-disclosure34
race-condition33
cloud33
buffer-overflow33
html-injection33
smart-contract-vulnerability32
oauth32
writeup32
information-disclosure30
0
8/10
vulnerability
Researcher demonstrates escalation of a subdomain takeover on impact.postmates.com (GitHub pages vulnerability) into session cookie theft by leveraging document.domain relaxation in the parent domain postmates.com, enabling account takeover despite the subdomain being out-of-scope. The technique exploits the fact that if the main domain explicitly sets document.domain, a compromised subdomain can set it to match and access sensitive cookies via JavaScript.
subdomain-takeover
document-domain
same-origin-policy
cookie-theft
session-hijacking
account-takeover
github-pages-takeover
javascript-exploitation
cors-bypass
x-frame-options-bypass
dom-access
Postmates
HackerOne
Synack
impact.postmates.com
raster-static.postmates.com
GitHub