This is arguably the dumbest bug I’ve ever found.

Account takeover vulnerability that resulted in $2500 bounty!

Bypassing SameSite=lax cookie restrictions to perform CSRF, resulting in a horizontal privilege escalation via a poor email verification mechanism