pyus3r

Available for immediate withdrawal€16,109

Professional Bio

21y/o Bug Bounty Hunter & Founder of Logical Breach Academy

Documented

Writeups

Cheatsheets

Tools

Featured Content

Improper Access Control - Generic (CWE-284)FREE

MFA Bypass via Account Attribute Manipulation

A vulnerability was identified where an authenticated user could disable Multi-Factor Authentication (MFA) on their own account by modifying hidden account attributes through a backend API endpoint. This allowed subsequent logins without an MFA prompt, effectively bypassing the security control and increasing the risk of unauthorized access in the event of credential compromise.

pyus3r

352

Apr 24, 2026

CVSS6.5

€282

Cross-site Scripting (XSS) - Stored (CWE-79)FREE

Escalating Reflected XSS to High Severity via WAF Bypass + Credential Phishing

A Reflected XSS vulnerability was identified in a navigation/routing endpoint of a financial institution's web application. The callback GET parameter is reflected unsanitized into a JavaScript context on the client side, allowing arbitrary code execution.

pyus3r

336

Apr 22, 2026

CVSS8.1

€940

SQL Injection (CWE-89)FREE

SQL Injection on api.redacted-target.com through /api/v1/auth/login via POST parameter "module" leads to Sensitive Data Exposure and Remote Code Execution

Pre-authenticated SQL Injection on api.redacted-target.com through /api/v1/auth/login via POST parameter "module" leads to Sensitive Data Exposure and Remote Code Execution

pyus3r

245

May 20, 2026

CVSS8.6

€470

LogicalBreach Academy

pyus3r

Professional Bio

Featured Content

MFA Bypass via Account Attribute Manipulation

Escalating Reflected XSS to High Severity via WAF Bypass + Credential Phishing

SQL Injection on api.redacted-target.com through /api/v1/auth/login via POST parameter "module" leads to Sensitive Data Exposure and Remote Code Execution