https://hackerone.com/reports/739737
PayPal disclosed on HackerOne: Token leak in security challenge...
A bug was identified whereby sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation. In certain cases, a user must solve a CAPTCHA challenge after authenticating. When the security challenge is completed, the authentic
This report was awarded a $15,300 bounty. The reporter has posted a detailed write-up of it on their blog.
https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
The Bug That Exposed Your PayPal Password
And Credit Card Number Too