7/10
bug-bounty
A researcher discovered a Server-Side Request Forgery (SSRF) vulnerability using DNS rebinding to bypass IP-based access controls, escalating through AWS metadata enumeration and Monit admin interface exploitation to achieve instance shutdown and memory disclosure. The writeup details the methodology, tool creation, and real-world exploitation chain that combined multiple vulnerabilities.
dns-rebinding
ssrf
server-side-request-forgery
aws-metadata
vulnerability-chaining
port-enumeration
aws-keys
monit-admin
buffer-overread
ftp-enumeration
internal-network-access
time-of-check-time-of-use
CVE (buffer overread in Monit)
AWS metadata service (169.254.169.254)
Monit Admin interface
Fireshell CTF 2019
Jan Masarik
dnsFookup tool
lock.cmpxchg8b.com/rebinder.html
7/10
tutorial
Educational article explaining race condition vulnerabilities in web applications, particularly in financial systems, with real-world examples including the Starbucks gift card exploit where attackers could generate unlimited credit by sending concurrent transfer requests to bypass balance checks.
race-condition
time-of-check-time-of-use
concurrency-vulnerability
banking-security
financial-fraud
access-control
vulnerability-exploitation
web-application-security
synchronization
resource-locking
Egor Homakov
Starbucks
Vickie Li