7/10
A researcher discovered an improper authorization vulnerability combined with a race condition on an e-commerce checkout page that allowed attackers to harvest credit card details by rapidly requesting a checkout URL with Burp Intruder while a victim submitted payment information, causing the server to leak cached form data before redirecting.
race-condition
improper-authorization
information-disclosure
credit-card-theft
checkout-vulnerability
logical-flaw
server-side-validation-bypass
multi-threading-attack
burp-intruder
e-commerce
Mandeep Jadon
Burp Intruder