WRITEUP #6046

My Best Small Report Bounty Report in Private Program ( Django REST framework Admin Login ByPass )

Tags: SQL Injection, Authentication bypass, Account takeover
by @m7mdharon (Mohamed Haron)
Bounty: 2,000
Program: -
Published: Apr 1, 2018
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://web.archive.org/web/20201022201335/https://www.mohamedharon.com/2018/04/my-best-small-report-bounty-report-in.html