We have an unnamed dashboard application here that allows users to specify objects that will be rendered into the dashboard through JSON blobs.Users can provide dashboard templates in the form of a JSON blob, including an `item` array of which items to render...
This one comes down to a normalization difference between Cloudflare's CDN and the ChatGPT backend server.The Cloudflare CDN was setup to cache all requests under the `/share/` endpoint, and the determination of whether a path matches would happen before any percent-encoded characters were decoded...
This is a great crypto issue that I think anyone could hunt for, it has to do with seeding of random number generators.Generally speaking in many systems if you know the seed you can break/predict the values that will come from the random number generator...
Though perhaps an accidental find by Abhi Sharma it is a great one none-the-less. With a race-condition leading to the bypass of a MFA check.
Dynamic typing strikes again! Once again some fun stuff can happen when passing in an array where a string is expected.
What happens when you don't properly validate OAuth access tokens? Account takeovers.
An interesting vulnerability was found in confluence that allowed for calling semi-arbitrary methods chains on the Action class being executed.This reminds me a bit of deserialization attacks, but in this case you've got the Xwork2 framework providing a `SafeParametersInterceptor` class...
A request that isn't vulnerable until you make it twice.Definitely an interesting edge case that a lot of testing might overlook...
A curious account takeover and one-time-password (OTP) bypass vulnerability has been identified.During the signup process, users receive an OTP sent to their email address...
A lot of wrong turns, eventually leading to some parameter brute forcing and the discovery of an `href` param when submitting a Forgot Password request.The `href` value would be used to craft the forgot password link with the actual token appended to it that is reflected in the Forgot Password email...