A bug bounty writeup describing the exploitation of a race condition combined with business logic flaws in a payment application to bypass deposit minimums and credit the account balance without valid bank transactions. The attacker leveraged concurrent requests with stolen/reused tokens to exploit a time-of-check to time-of-use (TOCTOU) vulnerability in which the server failed to synchronize balance and minimum deposit validation across threads.
race-condition
business-logic
payment-bypass
authorization
python-scripting
token-generation
balance-manipulation
concurrent-requests
bug-bounty
HackerOne
Oleksandr Opanasiuk
aaronhnatiw/race-the-web