7/10
A researcher discovered an improper authorization vulnerability combined with a race condition on an e-commerce checkout page. By rapidly requesting a checkout URL with Burp Intruder while a victim submitted payment information, an attacker could harvest credit card details, because the server leaked cached form data before redirecting.
race-condition
improper-authorization
information-disclosure
credit-card-theft
checkout-vulnerability
logical-flaw
server-side-validation-bypass
multi-threading-attack
burp-intruder
e-commerce
Mandeep Jadon
Burp Intruder