8/10
A reflected XSS vulnerability in a URL parameter was chained with multiple design flaws (tokens stored in localStorage, lack of token revocation across devices, authorization via headers instead of cookies) to achieve persistent account takeover by stealing and replaying Cognito refresh tokens. The attacker could silently exfiltrate authentication tokens while clearing localStorage to make the victim believe they were logged out.
xss
reflected-xss
account-takeover
ato
session-hijacking
token-theft
local-storage
authorization-header
amazon-cognito
javascript-injection
url-parameter-injection
multi-device-session-management
bug-bounty
vulnerability-chaining
Amazon Cognito
Milind Purswani
Yash Sodha
Angular