WRITEUP #1060

How we tried to book a train ticket and ended up with a databreach with 245,000 records

Tags: AI / LLM, Subdomain takeover, Password reset, Logic flaw, Broken Access Control
by @zerforschung (zerforschung)
Program: DiscoverEU
Published: Jun 19, 2023
Added to HackDex: Jun 21, 2023
Read Full Writeup: https://zerforschung.org/posts/freundschaftspass-en/
RELATED WRITEUPS
Logic Flaw: I Can Block You from Accessing Your Own Account
Tags: Logic Bug, Logic flaw
Unmasking Harmful Content in a Medical Chatbot: A Red Team Perspective
Tags: AI / LLM, AI
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
Tags: AI / LLM, CI/CD
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Tags: AI / LLM, AI
“Like” Bypass on Customer Reviews — €500 bounty
Tags: Logic Bug, Logic flaw

Built with ❤️ by Shubham Rawat