bug-bounty530
xss252
rce151
google132
bragging-post120
account-takeover100
microsoft97
malware96
facebook93
open-source91
privilege-escalation81
csrf77
exploit75
authentication-bypass75
cve73
stored-xss72
access-control65
ai-agents63
reflected-xss61
phishing60
web-security53
input-validation53
sql-injection49
cross-site-scripting48
apple47
smart-contract46
tool46
defi45
ethereum45
ssrf45
privacy44
web-application43
reverse-engineering43
dos42
supply-chain41
information-disclosure39
web338
llm37
responsible-disclosure37
cloudflare36
burp-suite35
api-security35
opinion35
vulnerability-disclosure34
automation34
writeup34
idor33
machine-learning32
code-generation31
denial-of-service31
0
8/10
vulnerability
Researcher bypassed custom token-based brute force protection in an Android mobile app by reverse-engineering a native .so library with JADX, extracting it via ADB, analyzing it with IDA, and using FRIDA to dynamically inject JavaScript that overloaded the token generation function at runtime, allowing arbitrary token generation and defeating the rate-limiting mechanism.
token-bypass
brute-force
android-security
native-code-analysis
frida
rate-limiting
reverse-engineering
binary-analysis
mobile-app-security
authentication-bypass
code-injection
dynamic-instrumentation
FRIDA
JADX
IDA
Burpsuite
Android
APK