WRITEUP #1574

We Hacked GitHub for a Month: Here’s What We Found

Tags: Auth Bypass, Pre-account takeover, Broken Access Control, Email verification bypass, Logic flaw
by @MrRajputHacker (Shivam Kumar Singh)
Bounty: 10,000
Program: GitHub
Published: Feb 11, 2023
Added to HackDex: Feb 13, 2023
Read Full Writeup: https://blog.cyberxplore.com/we-hacked-github-for-a-month-heres-what-we-found/
RELATED WRITEUPS
Account takeover on 8 years old public program
Tags: Auth Bypass, Account takeover
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Tags: Auth Bypass, Account takeover
Logic Flaw: I Can Block You from Accessing Your Own Account
Tags: Logic Bug, Logic flaw
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
“Like” Bypass on Customer Reviews — €500 bounty
Tags: Logic Bug, Logic flaw