5/10
bug-bounty
A researcher bypassed 2FA on www.domain.com by intercepting the login request with Burp Suite, changing the Host header to beta.domain.com (a parallel subdomain without 2FA enforcement), and submitting an arbitrary code (000000) to successfully authenticate. The vulnerability stemmed from inconsistent 2FA implementation across subdomains; it was fixed within one day, but no bounty was paid.
2fa-bypass
authentication-bypass
host-header-injection
subdomain-misconfiguration
bug-bounty
bragging-post
Seqrity
InfoSec Write-ups