Back to directory

WRITEUP #3403

10 golden minutes for taking over a Chess.com account

RCELack of rate limitingBruteforceSession expiration issue

by@seqrity9(Seqrity)

Bounty

400

Program

Chess.com

Published

Sep 14, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://infosecwriteups.com/10-golden-minutes-for-taking-over-a-chess-com-account-56e73f7c5f0d

▸ RELATED WRITEUPS

Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

Built with ❤️ by Shubham Rawat