🟠 Flawed SSO implementation and exposed API keys allowed
Angular-ing for AuthZ: problematic anti-patterns in Single Sign-On systems, with API keys stored in client-side JavaScript.
| Url | Type | Bounty |
|---|---|---|
| https://www.traceable.ai/blog-post/angular-ing-for-authz-problematic-anti-patterns-in-single-sign-on-systems | flawed SSO | - |
🔴 Authorization Bypass via Parameter Parsing Mismatch
A critical authorization bypass was discovered due to inconsistent parameter parsing between the Django frontend API and the Flask internal API.
| Url | Type | Bounty |
|---|---|---|
| https://medium.com/@pranshux0x/5-000-authorization-bypass-via-parameter-parsing-mismatch-django-flask-6f0f748db6be | flawed SSO | $5,000 |
🔴 Bypassing a login page and getting full admin access.
In this write-up I’ll go over how I went from a login page of a training platform, which I didn’t have credentials for, to getting full administrative access as well as a limited SSN leak on some users.
| Url | Type | Bounty |
|---|---|---|
| https://medium.com/@pranshux0x/5-000-authorization-bypass-via-parameter-parsing-mismatch-django-flask-6f0f748db6be | flawed SSO | - |
🔴 JavaScript code to create own keys
The site creates “tokens” (like digital keys) right in your browser, using that exposed secret.
| Url | Type | Bounty |
|---|---|---|
| https://medium.com/@NeM0x00/from-a-simple-client-side-mistake-to-full-read-write-access-of-an-internal-support-system-ebd40e4588ee | Key creation | - |
🟡 Edit settings as lower user after being disabled
The site creates “tokens” (like digital keys) right in your browser, using that exposed secret.
| Url | Type | Bounty |
|---|---|---|
| https://mahmoud-khalid.medium.com/how-i-found-3-logic-bugs-2-access-control-issues-in-one-public-bb-program-9ce2cf66fdd8 | Access Control | - |