WRITEUP #4020

Hacking Chess.com and Accessing 50 Million Customer Records

XSS, Reflected XSS, Information disclosure, Account takeover
by @samwcyo (Sam Curry)
Program: Chess.com
Published: Feb 11, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://samcurry.net/hacking-chesscom/
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSS, Self-XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSS, Reflected XSS
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Recon, Missing authentication
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Cloud, RCE
Interesting Story of an Account Takeover Vulnerability
Auth Bypass, Account takeover
