bug-bounty448
google355
microsoft313
facebook262
xss238
apple180
malware174
rce149
exploit124
bragging-post101
cve99
account-takeover93
phishing83
csrf79
privilege-escalation77
stored-xss65
supply-chain65
authentication-bypass63
dos60
reflected-xss57
browser57
react50
cloudflare49
reverse-engineering48
input-validation48
cross-site-scripting48
access-control47
smart-contract45
docker45
aws45
node44
ethereum43
web343
sql-injection43
web-security42
defi42
web-application41
ssrf38
burp-suite35
vulnerability-disclosure34
idor34
race-condition33
html-injection33
info-disclosure33
smart-contract-vulnerability32
writeup32
buffer-overflow32
cloud32
oauth32
information-disclosure30
0
8/10
A researcher discovered a chained CSRF vulnerability chain (4 requests) in a user management system's CSV import functionality that allowed unauthenticated account takeover by uploading a malicious CSV file without CSRF tokens, escalating to system admin privileges. The attack exploited timing delays between import steps and lack of CSRF protection on all four endpoints (file upload, job view, verification, and submission).
csrf
cross-site-request-forgery
account-takeover
privilege-escalation
csv-upload
file-upload
xss
chain-vulnerability
lack-of-csrf-protection
lack-of-input-validation
timing-attack
HackerOne
A Bug'z Life