LogicalBreach Academy Feed

LogicalBreach Academy Feed https://academy.logicalbreach.com/ Latest bug bounty writeups, tools and security cheatsheets en-us Sat, 06 Jun 2026 06:50:54 GMT <![CDATA[Hardcoded Authentication Token in Public JS → Admin API Session Takeover]]> https://academy.logicalbreach.com//writeups/hardcoded-authentication-token-in-public-js-admin-api-session-takeover-0d9d0d46 0f5df200-0d17-4e56-a886-6e2da285b208 Fri, 05 Jun 2026 08:23:26 GMT <![CDATA[Improper Access Control on www.target.example through /services/formcampaign via header "option" leads to unauthenticated read/write on the production marketing-campaign database]]> https://academy.logicalbreach.com//writeups/improper-access-control-on-www-target-example-through-services-formcampaign-via-header-option-leads-to-unauthenticated-read-write-on-the-production-marketing-campaign-database-b84f1127 e6b2303c-ba46-4e14-8e41-11eef60d83f6 Mon, 01 Jun 2026 09:09:18 GMT <![CDATA[Stored XSS in public-share preview silently exposes the victim's entire drive]]> https://academy.logicalbreach.com//writeups/stored-xss-in-public-share-preview-silently-exposes-the-victim-s-entire-drive-e63671bc c48aa92f-f865-4885-9e97-00e8bec33ae7 Mon, 01 Jun 2026 09:01:59 GMT <![CDATA[Blind POST SSRF via Web Push Notification Endpoint]]> https://academy.logicalbreach.com//writeups/blind-post-ssrf-via-web-push-notification-endpoint-3e0fc1d7 303c963f-802d-4d16-a0f9-5e5c6ad0f508 Sun, 31 May 2026 19:42:06 GMT https://hackerone.com/reports/3608558 by misop00p]]> <![CDATA[V1Plugin.Decrypt panics on empty ciphertext (Remote DoS)]]> https://academy.logicalbreach.com//writeups/v1plugin-decrypt-panics-on-empty-ciphertext-remote-dos-2d43856a 2ebbb2cb-7398-4fcf-b007-927c677a8bac Sun, 31 May 2026 19:41:17 GMT https://hackerone.com/reports/3620748 by misop00p]]> <![CDATA[V2Plugin.Decrypt panics on empty ciphertext (Remote DoS)]]> https://academy.logicalbreach.com//writeups/v2plugin-decrypt-panics-on-empty-ciphertext-remote-dos-4c61b8fc 194c8905-7af4-45fc-9b58-cb3be8a794f1 Sun, 31 May 2026 19:40:39 GMT https://hackerone.com/reports/3620753 by misop00p]]> <![CDATA[POST /api/bitcoinWithdrawalFees returns financial data without authentication despite being documented as a USER OPERATION (private endpoint)]]> https://academy.logicalbreach.com//writeups/post-api-bitcoinwithdrawalfees-returns-financial-data-without-authentication-despite-being-documented-as-a-user-operation-private-endpoint-f7b06d0e 2714a8cf-ede3-4534-94f6-519198b740ec Sun, 31 May 2026 19:39:25 GMT https://hackerone.com/reports/3676308 by glferreira-devsecops]]> <![CDATA[HMAC signature verification omits endpoint and payload allowing request forgery on CoinMate API]]> https://academy.logicalbreach.com//writeups/hmac-signature-verification-omits-endpoint-and-payload-allowing-request-forgery-on-coinmate-api-6266d6a7 ee978a5a-f74a-4aae-af5f-2f0c898f42ee Sun, 31 May 2026 19:38:34 GMT https://hackerone.com/reports/3670955 by glferreira-devsecops]]> <![CDATA[Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link]]> https://academy.logicalbreach.com//writeups/liberapay-member-team-twitter-account-broken-link-hijacking-via-expired-twitter-account-link-4b3eead2 9991523c-fe56-45b6-8c03-caf872c109eb Sun, 31 May 2026 19:37:12 GMT https://hackerone.com/reports/3721519 by rox-11]]> <![CDATA[ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection]]> https://academy.logicalbreach.com//writeups/activestorage-disk-service-path-traversal-via-custom-blob-key-injection-f0c88ee7 4cbd1403-ae61-4048-bf8d-d99b765a37e5 Sun, 31 May 2026 19:35:56 GMT https://hackerone.com/reports/3580511 by ksw9722]]> <![CDATA[Critical Deadlock Vulnerability in Monero RPC Leading to Complete Node Paralysis]]> https://academy.logicalbreach.com//writeups/critical-deadlock-vulnerability-in-monero-rpc-leading-to-complete-node-paralysis-b664e976 62ef387a-9ab6-477c-9c6e-f3d3d1bfb7f8 Sun, 31 May 2026 19:35:11 GMT https://hackerone.com/reports/3307874 by rorkh]]> <![CDATA[Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption]]> https://academy.logicalbreach.com//writeups/out-of-scope-improper-input-validation-order-on-api-internal-login-via-password-field-leads-to-unnecessary-resource-consumption-04ac99c4 89ef1fa3-2559-490f-9ddf-8d79d70f00ff Sun, 31 May 2026 19:33:33 GMT https://hackerone.com/reports/3625600 by bereza4321]]> <![CDATA[Email Verification Bypass / Email Squatting via Client-Side `accounts.setAccountInfo`]]> https://academy.logicalbreach.com//writeups/email-verification-bypass-email-squatting-via-client-side-accounts-setaccountinfo-46c1127b 5ba3fdc3-573f-48b1-aaaa-fc3ca9f3f6ff Sat, 30 May 2026 14:41:50 GMT <![CDATA[Admin Panel Exposure via WAF Bypass (URL Encoding) + Broken reCAPTCHA + Internal Info Leak]]> https://academy.logicalbreach.com//writeups/admin-panel-exposure-via-waf-bypass-url-encoding-broken-recaptcha-internal-info-leak-0008950f 20482471-ba91-4f23-896a-8031f30b93a9 Sat, 30 May 2026 14:39:30 GMT <![CDATA[DOM-XSS on Central SSO Origin via Unvalidated `retryUrl` (WAF Bypass with `javascript:name`)]]> https://academy.logicalbreach.com//writeups/dom-xss-on-central-sso-origin-via-unvalidated-retryurl-waf-bypass-with-javascript-name-ac701cac ce375e45-4e79-45ae-bc31-06f134750b58 Sat, 30 May 2026 14:35:23 GMT <![CDATA[ Inventory Disruption via Quantity Manipulation in Order Creation]]> https://academy.logicalbreach.com//writeups/inventory-disruption-via-quantity-manipulation-in-order-creation-99c02266 0d7016bb-62f1-4195-97cd-324aed48fd62 Sat, 30 May 2026 14:32:15 GMT <![CDATA[Payment Method Validation Bypass via Order Update Flow]]> https://academy.logicalbreach.com//writeups/payment-method-validation-bypass-via-order-update-flow-0f9955f9 48ee7179-d538-4ecf-8c44-e6dade5a8f63 Sat, 30 May 2026 14:28:58 GMT <![CDATA[A PortSwigger-lab-style cache poisoning → pre-auth ATO with a single request]]> https://academy.logicalbreach.com//writeups/a-portswigger-lab-style-cache-poisoning-pre-auth-ato-with-a-single-request-6dce8f5e c3d6a5e6-edf4-4d85-9ca6-bd0250b40e41 Sat, 30 May 2026 10:19:44 GMT <![CDATA[SQL Injection on api.redacted-target.com through /api/v1/auth/login via POST parameter "module" leads to Sensitive Data Exposure and Remote Code Execution]]> https://academy.logicalbreach.com//writeups/pre-authenticated-sql-injection-on-api-redacted-target-com-through-api-v1-auth-login-via-post-parameter-module-leads-to-sensitive-data-exposure-and-remote-code-execution-3905cf93 fb24986c-4fb3-4738-9ac4-211c251600a2 Wed, 20 May 2026 20:37:50 GMT <![CDATA[SQL Injection on api.target.example through /api/v1/projects via POST parameter "tableName" leads to Remote Code Execution (RCE)]]> https://academy.logicalbreach.com//writeups/sql-injection-on-api-target-example-through-api-v1-projects-via-post-parameter-tablename-leads-to-remote-code-execution-rce-3fc57486 c88c7929-5f68-4a91-9b2d-91372ebf74a8 Wed, 20 May 2026 20:32:29 GMT <![CDATA[CVE-2026-7168: cross-proxy Digest auth state leak]]> https://academy.logicalbreach.com//writeups/cve-2026-7168-cross-proxy-digest-auth-state-leak-a464f64c ea105f21-9909-450b-bb2b-0c6dd16aea65 Sat, 02 May 2026 20:18:46 GMT https://hackerone.com/reports/3697719 by xkilua]]> <![CDATA[CVE-2026-7009: OCSP stapling bypass with Apple SecTrust]]> https://academy.logicalbreach.com//writeups/cve-2026-7009-ocsp-stapling-bypass-with-apple-sectrust-3d49e6ce 3be2757d-7c46-403c-a615-1328a0c0bbb4 Sat, 02 May 2026 20:17:40 GMT https://hackerone.com/reports/3694390 by 3lcarry]]> <![CDATA[CVE-2026-6253: proxy credentials leak over redirect-to proxy]]> https://academy.logicalbreach.com//writeups/cve-2026-6253-proxy-credentials-leak-over-redirect-to-proxy-5916d2db 456a5f23-0adf-44a7-b03b-540185760a27 Sat, 02 May 2026 20:17:02 GMT https://hackerone.com/reports/3669637 by joesephdiver]]> <![CDATA[CVE-2026-5545: wrong reuse of HTTP Negotiate connection]]> https://academy.logicalbreach.com//writeups/cve-2026-5545-wrong-reuse-of-http-negotiate-connection-5aa92a2b c8758b70-5ea9-4d23-8ffa-96ad5c0f3995 Sat, 02 May 2026 20:16:12 GMT https://hackerone.com/reports/3642555 by quaccws]]> <![CDATA[CVE-2026-6276: stale custom cookie host causes cookie leak]]> https://academy.logicalbreach.com//writeups/cve-2026-6276-stale-custom-cookie-host-causes-cookie-leak-015e4768 1bc0c799-91f5-4035-a78b-db84daecd6b0 Sat, 02 May 2026 20:15:11 GMT https://hackerone.com/reports/3671818 by arkss]]> <![CDATA[CVE-2026-6429: netrc credential leak with reused proxy connection]]> https://academy.logicalbreach.com//writeups/cve-2026-6429-netrc-credential-leak-with-reused-proxy-connection-d446e7c1 a0dc366b-c60c-4499-a474-93706f08e5b8 Sat, 02 May 2026 20:14:09 GMT https://hackerone.com/reports/3677759 by nobcoderr]]> <![CDATA[CVE-2026-4873: connection reuse ignores TLS requirement]]> https://academy.logicalbreach.com//writeups/cve-2026-4873-connection-reuse-ignores-tls-requirement-0636f857 17dd9f3e-490a-49f6-aa8a-bb70380e1e0d Sat, 02 May 2026 20:13:01 GMT https://hackerone.com/reports/3621851 by bonaire]]> <![CDATA[CVE-2026-5773: wrong reuse of SMB connection]]> https://academy.logicalbreach.com//writeups/cve-2026-5773-wrong-reuse-of-smb-connection-7d54e0d8 1a61b91e-ce63-4f8e-9d67-d53bc0165093 Sat, 02 May 2026 20:12:06 GMT https://hackerone.com/reports/3650689 by osama-hamad]]> <![CDATA[Bypass of Restricted Keyword "Mozilla" in Display Name Field via Unicode Homoglyphs on addons.allizom.org]]> https://academy.logicalbreach.com//writeups/bypass-of-restricted-keyword-mozilla-in-display-name-field-via-unicode-homoglyphs-on-addons-allizom-org-45ad2a56 16d00809-a03b-486a-9385-d74e782d3a12 Sat, 02 May 2026 20:09:06 GMT https://hackerone.com/reports/3279441 by icecream_23]]> <![CDATA[Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate]]> https://academy.logicalbreach.com//writeups/argument-injection-in-manage-ssh-via-host-parameter-leads-to-sensitive-file-disclosure-on-weblate-1e2f65e3 f15d364b-056a-42f5-a3e7-6c3b3499611a Mon, 27 Apr 2026 09:38:56 GMT https://hackerone.com/reports/3518571 by alexb_616]]> <![CDATA[MFA Bypass via Account Attribute Manipulation]]> https://academy.logicalbreach.com//writeups/mfa-bypass-via-account-attribute-manipulation-77cec1bd 9a3511d7-ad50-4e03-b5d8-ad4cc6115393 Fri, 24 Apr 2026 10:07:29 GMT <![CDATA[Escalating a Reflected XSS to High Severity via Filter Bypass and Cache-Assisted Delivery]]> https://academy.logicalbreach.com//writeups/escalating-a-reflected-xss-to-high-severity-via-filter-bypass-and-cache-assisted-delivery-f3fc7324 3bf1081e-e928-4b5a-8adf-5a9a11ca7913 Wed, 22 Apr 2026 17:18:45 GMT <![CDATA[Escalating Reflected XSS to High Severity via WAF Bypass + Credential Phishing]]> https://academy.logicalbreach.com//writeups/escalating-reflected-xss-to-high-severity-via-waf-bypass-credential-phishing-ffd8112d 1df52883-4160-489d-b947-613a102cad92 Wed, 22 Apr 2026 11:37:17 GMT <![CDATA[SVG filter primitives bypass remote image blocking, enabling email tracking without consent.]]> https://academy.logicalbreach.com//writeups/svg-filter-primitives-bypass-remote-image-blocking-enabling-email-tracking-without-consent-ec314c70 13394821-a6ab-4e65-ac0f-75998a014b2f Tue, 21 Apr 2026 10:37:21 GMT https://hackerone.com/reports/3486747 by nullcathedral]]> <![CDATA[position: fixed !important bypasses CSS sanitizer's fixed-position mitigation, enabling full-viewport phishing overlays.]]> https://academy.logicalbreach.com//writeups/position-fixed-important-bypasses-css-sanitizer-s-fixed-position-mitigation-enabling-full-viewport-phishing-overlays-f5ab530c 4dd5d5e5-a841-4a6d-99d3-986049f34af8 Tue, 21 Apr 2026 10:36:27 GMT https://hackerone.com/reports/3590586 by nullcathedral]]> <![CDATA[Unquoted body background attribute enables CSS injection that bypasses remote image blocking]]> https://academy.logicalbreach.com//writeups/unquoted-body-background-attribute-enables-css-injection-that-bypasses-remote-image-blocking-e9c47a31 9bd9b3fb-019f-47aa-97a8-9f609c776a04 Tue, 21 Apr 2026 10:35:00 GMT https://hackerone.com/reports/3590583 by nullcathedral]]> <![CDATA[SMIL values and by attributes bypass remote image blocking via unvalidated resource-loading animations, enabling email tracking without consent]]> https://academy.logicalbreach.com//writeups/smil-values-and-by-attributes-bypass-remote-image-blocking-via-unvalidated-resource-loading-animations-enabling-email-tracking-without-consent-8262eb80 f03edaf9-201f-486f-826e-2a54f11263d8 Tue, 21 Apr 2026 10:34:03 GMT https://hackerone.com/reports/3590576 by nullcathedral]]> <![CDATA[Stored XSS in attachment-display exploitable through SameSite]]> https://academy.logicalbreach.com//writeups/stored-xss-in-attachment-display-exploitable-through-samesite-5b3d5697 9995cab9-4459-441e-a604-a5daec9c0604 Tue, 21 Apr 2026 10:33:04 GMT https://hackerone.com/reports/3594137 by aikido_security]]> <![CDATA[DOM XSS to High Severity via Credential Phishing Overlay]]> https://academy.logicalbreach.com//writeups/dom-xss-to-high-severity-via-credential-phishing-overlay-df9c3034 c7f521c5-c007-4816-bb02-3b630469012b Sun, 19 Apr 2026 14:17:51 GMT <![CDATA[Rails::HTML::Sanitizer.allowed_uri? returns true for entity-encoded control-character-split javascript: URLs]]> https://academy.logicalbreach.com//writeups/rails-html-sanitizer-allowed-uri-returns-true-for-entity-encoded-control-character-split-javascript-urls-6e802bf8 af4333fc-f811-4114-bca9-be4ca1c241a9 Sun, 19 Apr 2026 08:58:50 GMT https://hackerone.com/reports/3601655 by smlee]]> <![CDATA[Residual Malicious Payloads on HackerOne after Vulnerability Fixes]]> https://academy.logicalbreach.com//writeups/residual-malicious-payloads-on-hackerone-after-vulnerability-fixes-c8bf3f6a 97ff78c7-6228-467a-8fa4-b2c6d8edfbc0 Sat, 18 Apr 2026 10:19:54 GMT https://hackerone.com/reports/3168691 by joejoe5]]> <![CDATA[DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API]]> https://academy.logicalbreach.com//writeups/dos-via-mutation-aliasing-in-graphql-account-recovery-phone-number-verification-api-b3ded1f5 bdec170a-1fae-4b2d-be1d-0cf4bea01af7 Sat, 18 Apr 2026 10:17:29 GMT https://hackerone.com/reports/3287208 by hellokbit]]> <![CDATA[DOM XSS in `fizzy.do` import filename preview enables one-click victim account takeover]]> https://academy.logicalbreach.com//writeups/dom-xss-in-fizzy-do-import-filename-preview-enables-one-click-victim-account-takeover-e52cba0f 09d5bb71-0811-4139-9219-50bb98a7f01c Sat, 18 Apr 2026 10:10:55 GMT https://hackerone.com/reports/3608199 by xavlimsg]]> <![CDATA[Improper Access Control in `fizzy.do` import flow allows cross-tenant ActionText reference resolution and data disclosure]]> https://academy.logicalbreach.com//writeups/improper-access-control-in-fizzy-do-import-flow-allows-cross-tenant-actiontext-reference-resolution-and-data-disclosure-1271160b ca76dbce-a475-4127-94e3-f48feee7f389 Sat, 18 Apr 2026 10:08:57 GMT https://hackerone.com/reports/3543475 by xavlimsg]]> <![CDATA[Brave Shields Domain Reordering Leads to Origin Confusion]]> https://academy.logicalbreach.com//writeups/brave-shields-domain-reordering-leads-to-origin-confusion-0201d210 5605615a-c949-42ae-b181-668ee1a8e691 Sat, 18 Apr 2026 10:06:14 GMT https://hackerone.com/reports/3665151 by mousepadkalilinux12]]> <![CDATA[Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)]]> https://academy.logicalbreach.com//writeups/credential-disclosure-via-unvalidated-directdownloadurl-missing-dontaddcredentialsattribute-d97535ec b9f907b5-0223-4830-82f8-1d98d084bd5f Sat, 18 Apr 2026 10:03:37 GMT https://hackerone.com/reports/3400143 by py0zz1]]> <![CDATA[[Duplicate] Open Redirect Flow Abuse via OAuth Validation Bypass]]> https://academy.logicalbreach.com//writeups/duplicate-open-redirect-flow-abuse-via-oauth-validation-bypass-32d63048 d6a29801-290c-41cf-95c6-10dc58ae9b5a Sat, 11 Apr 2026 18:03:51 GMT <![CDATA[[Duplicate] Reflected XSS to Account Takeover (Credential Hijacking)]]> https://academy.logicalbreach.com//writeups/duplicate-reflected-xss-to-account-takeover-credential-hijacking-6df42df2 9a055de6-cbba-4607-a43e-1b3c32351c0d Sat, 11 Apr 2026 17:59:00 GMT <![CDATA[[Vertical Privilege Escalation] User can Unapproved any Approved Translation at [/translations/unapprove/]]]> https://academy.logicalbreach.com//writeups/vertical-privilege-escalation-user-can-unapproved-any-approved-translation-at-translations-unapprove-6ac102c0 78a600af-3cb1-4c16-8ba2-85dfc43abbf6 Sat, 11 Apr 2026 16:52:28 GMT https://hackerone.com/reports/3020021 by adilnbabras]]> <![CDATA[User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon]]> https://academy.logicalbreach.com//writeups/user-can-delete-other-users-personal-access-tokens-at-delete-token-token-id-on-mozilla-pontoon-441a5866 2be31f50-e68d-47b5-8c66-32154817b0ec Sat, 11 Apr 2026 16:52:03 GMT https://hackerone.com/reports/3325582 by adilnbabras]]>