0
3/10
bug-bounty
A researcher discovered a two-factor authentication bypass in a private program by removing the VerificationDetails object from a JSON API request, allowing toggling of 2FA without OTP validation. The vulnerability was awarded $50.
two-factor-authentication-bypass
authentication-bypass
json-manipulation
api-security
parameter-removal
bragging-post
Aung Pyae Ko Ko