6/10
A researcher discovered an IDOR vulnerability in a WebSocket-based signup flow that allowed account takeover by modifying UUID parameters during user registration, enabling email change on arbitrary accounts without proper authorization checks.
idor
websocket
account-takeover
jwt
uuid-enumeration
signup-vulnerability
authentication-bypass
bug-bounty
Mohsin Khan
example.com