hidden-parameters

1 article
sort: new top best
clear filter
bug-bounty451 google354 xss338 microsoft283 facebook246 apple171 exploit163 rce160 malware102 account-takeover95 cve91 bragging-post86 csrf83 browser77 writeup75 privilege-escalation68 react60 authentication-bypass57 cloudflare54 dos53 node52 docker51 ssrf51 phishing50 aws48 access-control47 oauth45 smart-contract45 supply-chain44 ethereum43 defi42 web342 sql-injection41 lfi37 idor35 vulnerability-disclosure32 smart-contract-vulnerability32 clickjacking31 burp-suite31 info-disclosure31 race-condition31 web-application31 reverse-engineering31 wordpress30 input-validation30 web-security29 information-disclosure29 cloud29 reflected-xss29 solidity27
0 5/10
Full account takeover worth $1000 Think out of the box
bug-bounty

Researcher discovered full account takeover vulnerability by chaining a missing CSRF token validation on the password change endpoint with a hidden 'uid' parameter discovered via Param Miner, allowing password changes for any user without authentication, resulting in a $1000 bounty.

account-takeover csrf parameter-discovery password-change hidden-parameters json-parameter-manipulation bragging-post
Mohsin Khan Param Miner Burp Suite James Kettle
mokhansec.medium.com · kh4sh3i/bug-bounty-writeups · 19 hours ago · details