7/10
A researcher discovered an improper authorization vulnerability combined with a race condition on an e-commerce checkout page that allowed attackers to harvest credit card details by rapidly requesting a checkout URL with Burp Intruder while a victim submitted payment information, causing the server to leak cached form data before redirecting.
race-condition
improper-authorization
information-disclosure
credit-card-theft
checkout-vulnerability
logical-flaw
server-side-validation-bypass
multi-threading-attack
burp-intruder
e-commerce
Mandeep Jadon
Burp Intruder
7/10
vulnerability
A researcher discovered an improper authorization vulnerability in HackerOne's embedded submission form feature that allows bypassing both the 2FA requirement enforcement and program-level hacker blacklists by submitting reports through the embedded submission URL instead of the standard interface.
improper-authorization
authentication-bypass
2fa-bypass
embedded-forms
hackerone
bug-bounty-platform
access-control
blacklist-bypass
vulnerability-disclosure
responsible-disclosure
HackerOne
Japz Divino
Parrot Security
Ace Candelario
Jobert (HackerOne Co-Founder)