0
5/10
bug-bounty
A bug bounty finding demonstrating a 2FA bypass via forced browsing: by directly accessing an unprotected signup endpoint (/_ajax/signup instead of /_api/signup/verify) and modifying the API request to include a password field, an account can be created without OTP verification.
2fa-bypass
forced-browsing
authentication-bypass
api-endpoint-manipulation
otp-bypass
email-verification-bypass
burp-suite
web-application-security
account-creation-vulnerability
Akhil
Burp Suite
HackerOne
Bugcrowd
0
6/10
bug-bounty
A researcher escalated a P5 email verification race condition vulnerability to a P2 blind XSS by chaining it with a profile display feature that revealed unverified emails to administrators, ultimately achieving session hijacking and a $1000+ bounty.
race-condition
email-verification-bypass
xss
self-xss
blind-xss
bug-chaining
session-hijacking
bug-bounty
account-takeover
web-security
bragging-post
Mohamed Daher
Bugcrowd
xsshunter.com
Burp
0
2/10
A writeup about the author's first bug bounty finding involving an email verification bypass, but the provided excerpt contains no technical details, methodology, or substantive content.