bug-bounty507
xss286
rce144
bragging-post119
account-takeover104
google101
exploit94
open-source93
csrf85
authentication-bypass80
facebook75
microsoft75
stored-xss74
cve73
privilege-escalation72
access-control67
ai-agents64
web-security63
reflected-xss63
writeup58
ssrf52
input-validation52
malware51
sql-injection49
smart-contract48
defi48
cross-site-scripting47
tool46
ethereum45
privacy44
information-disclosure44
api-security41
phishing40
web-application38
lfi37
apple37
llm37
opinion36
burp-suite36
automation35
cloudflare34
idor33
infrastructure33
web333
vulnerability-disclosure33
oauth33
smart-contract-vulnerability33
responsible-disclosure33
html-injection33
machine-learning32
0
5/10
bug-bounty
Researcher bypassed 2FA on www.domain.com by intercepting the login request with Burp Suite, changing the Host header to beta.domain.com (a parallel subdomain without 2FA enforcement), and submitting an arbitrary code (000000) to successfully authenticate. The vulnerability stemmed from inconsistent 2FA implementation across subdomains, fixed within one day but without bounty payout.
2fa-bypass
authentication-bypass
host-header-injection
subdomain-misconfiguration
bug-bounty
bragging-post
Seqrity
InfoSec Write-ups