Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
DOS attack possible on Reset 2FA feature of #Hackerone
My First Un-Expected $$$$ Digit Bounty for an Un-Expected Vulnerability
How I became a millionaire in 3h | Fintech Bug Bounty — Part 1
[BAC/IDOR] How my father credit card help me to find this access control issue
My Account Takeover Writeup: $5000
GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
How I found 3 rare security bug in a day
PII Disclosure of Apple Users ($10k)
Exploiting vulnerabilities in iOS Application
ATO without any interaction [aws cognito misconfiguration]
Rate Limit Bypass at Readme.com
What I Found on Sony Vulnerability Disclosure Program
No Rate Limiting on OTP sending
Missing rate-limiting. How I was able to add any unowned phone number to my Facebook account? (Bounty: 5000 USD)
How I was able to take over accounts in websites deal with Github as an SSO provider
Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)😲
How I managed to hack User accounts of a billion-dollar sport platform
chaining improper authentication to idor and no rate limit for mass account takeover
Unlimited report user in Instagram (Facebook) leads to abuse risk.
10 golden minutes for taking over a Chess.com account
OTP brute-force via rate limit bypass
Is Math.random() Safe? from missing rate limit to bypass 2fa and possible sqli
$500 For No Rate Limit On Forgot Password Page
BMW Bug Bounty – Account Verification Bypass writeup