WRITEUP #2540

We Hacked Larksuite For 1 month and Here is what we found

XSS, IDOR, Privilege escalation, Broken Access Control, CSRF, 40x bypass
by @snap_sec (Snap Sec)
Program: Lark Technologies
Published: Jul 4, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://web.archive.org/web/20220716152713/https://snapsec.co/blog/hacking-larksuite/
RELATED WRITEUPS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSS, Reflected XSS
How I got my first $13500 bounty through Parameter Polluting (HPP)
IDOR, XSS
Vestaboard: Exploring Broken Access Controls and Privilege Escalation
Privilege Escalation, Broken Access Control
How I Earned $469 Bounty: Bypassing Plan Restriction
Privilege Escalation, Broken Access Control
A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel
IDOR, Broken Access Control
