WRITEUP #1028

DOS attack possible on Reset 2FA feature of #Hackerone

OtherApplication-level DoSLack of rate limiting

byLokesh Ranjan

Program

HackerOne

Published

Jun 26, 2023

Added to HackDex

Jun 27, 2023

Read Full Writeuphttps://medium.com/@lokesh.leads13/disallow-any-hackerone-user-permanent-access-to-his-her-own-hackerone-account-using-vulnerability-147ce9957692

▸ RELATED WRITEUPS

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

OtherSSTI

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Part 2: From Byovdll To Arbitrary Code Execution In Lsass

OtherUse-After-Free

Built with ❤️ by Shubham Rawat