0
6/10
A bug bounty writeup describing the exploitation of a race condition combined with business logic flaws in a payment application to bypass deposit minimums and credit balance without valid bank transactions. The attacker leveraged concurrent requests with stolen/reused tokens to exploit a time-of-check-time-of-use vulnerability where the server failed to synchronize balance and minimum deposit validation across threads.
race-condition
business-logic
payment-bypass
authorization
python-scripting
token-generation
balance-manipulation
concurrent-requests
bug-bounty
HackerOne
Oleksandr Opanasiuk
aaronhnatiw/race-the-web
0
2/10
A bug bounty hunter discovered a payment bypass vulnerability in a premium course platform: a business logic flaw allowed obtaining access for $0. The hunter reports that the submission was marked as a duplicate.