0
8/10
bug-bounty
A researcher discovered a critical code injection vulnerability in a custom JavaScript-based macro language (Banan++) through an unsafe eval() call in the Union() function, which allowed execution of arbitrary JavaScript on the server. By injecting fetch() calls through an API parameter, they exploited this to extract AWS credentials and achieve complete account compromise (20 S3 buckets and 80 EC2 instances).
ssrf
code-injection
eval
javascript
aws-credentials
account-takeover
custom-dsl
server-side-javascript
nodejs
fetch-api
bug-bounty
privilege-escalation
ArticMonkey
Banan++
Gwendal Le Coguic
HackerOne
AWS
ReactJS
NodeJS