bug-bounty491
xss282
google170
microsoft149
rce138
facebook137
bragging-post115
account-takeover101
apple93
exploit92
csrf85
authentication-bypass76
stored-xss75
open-source66
privilege-escalation64
reflected-xss63
writeup62
access-control58
web-security57
ai-agents53
cve53
ssrf51
malware51
input-validation51
cross-site-scripting48
defi48
smart-contract47
ethereum44
sql-injection44
browser39
web-application38
api-security38
information-disclosure37
oauth36
burp-suite36
web334
react33
smart-contract-vulnerability33
lfi33
tool33
dos32
docker32
html-injection32
responsible-disclosure31
aws31
vulnerability-disclosure31
waf-bypass31
idor30
phishing30
llm29
0
6/10
A subdomain takeover vulnerability in flock.co where newdev.flock.co was pointed to an unclaimed readme.io custom domain, allowing the attacker to register a readme.io project and claim the subdomain through misconfigured DNS CNAME records without ownership verification.
subdomain-takeover
dns-misconfiguration
custom-domain
cname-record
third-party-service
domain-takeover
readme.io
flock.com
flock.com
flock.co
newdev.flock.co
readme.io
cname.readme.io