#logicbugs search results
Allowed_ids is updated asynchronously. Can you abuse timing or race conditions to fetch others’ balances?
    def get_balance(user_id):
        if user_id in allowed_ids:
            return db.query_balance(user_id)
#BugBountyTips #RaceCondition #LogicBugs #BugBounty
The dev forgot to check cumulative transactions. Can you create a logical exploit to bypass limits over multiple requests? if($request['amount'] < $user_balance) { approve($request); } #BugBountyTips #LogicBugs #BugBounty #InfoSec #hacker
#tech #logicbugs #liquidcooling #nvidia #geforce #liquidcooling#watercooling #rgb #asus #gigabyte #msi #intel #corsair #computer
HomePod 😍 Visit our Website For More crwd.fr/2tgawWY +Follow US For More News and Information #technology #technews #logicbugs
iMac Pro Love 😍 Visit our Website For More crwd.fr/2tfW4hE +Follow US For More News and Information #technology #technews #logicbugs
Frontend-only check. Backend validates permission only on certain APIs. How can a logical bypass escalate access without changing code? if(user.permissions.includes('edit')) { showEditPanel() } #BugBountyTips #LogicBugs #InfoSec #BugBounty
Found a forgotten debug endpoint /debug/killall. Dev thought it was ‘internal’ — literally deletes temp logs. Me: ‘Deleting your mistakes like a legend’. Question: How do you safely probe hidden debug endpoints in prod? #BugBountyTips #Funny #LogicBugs #BugBounty
Magic Mouse & Keyboard Visit our Website For More crwd.fr/2siiykH +Follow US For More #technology #technews #logicbugs
Microsoft Surface Studio 😍 Visit our Website For More crwd.fr/2siaIb7 +Follow US For More #technology #technews #logicbugs
JWT puzzle Dev says: we use HS256 with a strong secret. Logic flaw: server also accepts alg=none for backward compatibility. Legendary hunters don’t crack secrets—they rewrite trust. #BugBountyTips #JWT #LogicBugs #BugBounty
Day 9 & 10 – 7 hours total Found a business logic issue but didn’t report it yet due to scope ambiguity. Discovered another logic bug that got marked as informative. #BugBounty #LogicBugs #HackerLife
Delete account request requires confirmation link in email. Logic bug: backend deletes account instantly, email is just a formality. Result = self-DoS or mass account wipe. #BugBountyTips #LogicBugs #APISecurity #BugBounty
SSO misconfig: Enterprise app trusts SAML response without validating signature properly. Logic bug → unsigned assertion = instant login as any user. Legends don’t brute force—they rewrite trust. #BugBountyTips #SSO #LogicBugs #BugBounty
Found a vulnerability in a calculator app. It turned 2+2 into bank account + 1. Math class failed me, bug bounty didn’t. #BugBounty #LogicBugs
Day 7 & 8 – 5 hours total Found a business logic issue on a target, but it turned out to be a duplicate. #BugBounty #LogicBugs #KeepDigging
SSO logout flaw: App logs out frontend session but not SAML session. Reopen → still logged in. Logout bypass is login persistence. #BugBountyTips #SSO #LogicBugs
Multi-factor auth enabled. But after login, JWT token is issued without checking MFA flag for API requests. Think deeper: how can you skip MFA completely? #BugBountyTips #LogicBugs #Authentication #CyberSecurity
HTTP trailers: server relies on Trailer header to validate payload integrity after body processing. Proxy strips trailers — integrity check bypassed. Where’s the verification hole? #BugBountyTips #HTTP #LogicBugs
Online shop applies loyalty points only after successful checkout. Logic flaw: cancel payment at last step, but points stay credited. Repeat = infinite free money. Legends hack rules, not code. #BugBountyTips #LogicBugs #BugBounty
Banking app allows transfers only if daily_limit not exceeded. Limit check happens client-side before sending the request. Backend trusts the client value. How do you logically chain this into unlimited transfers? #BugBountyTips #LogicBugs #CyberSecurity #BugBounty
¡Parameter Logic Bugs! 💪 #LogicBugs #ValidationLogicDisparity #UnexpectedInput #NullSafety #CodeReview #Patching #ApplicationSecurity #AppSec #HTBAcademy academy.hackthebox.com/achievement/10…
#logicbugs allowing audio or video to be transmitted to #cyberattackers without user consent have been found in five mobile applications including Facebook & Google apps Don’t let bugs get the better of your business contact global-emea.com bleepingcomputer.com/news/security/…
Reposting @logicbugs: Visit our Blog For More Link on our Bio crwd.fr/2rTAByU #logicbugs #liquidcooling #nvidia #geforce
Reposting @logicbugs: Stuff to know about all the Macs Apple updated this week crwd.fr/2sJCWfk #macbook #macbookpro #logicbugs