Full account takeover through referral code.

Share/Referring code parameter was an indicator to the web application that the account is a new one.

  • August 20,2018 — Bug reported
  • August 20,2018 — Bug triaged
  • August 22,2018 — Bounty rewarded 700$
  • August 23,2018–Report resolved




I’m a Penetration Tester, Bug Hunter @ HackerOne

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Ethical Hacking (part 1.0/20): Footprinting and Reconnaissance with examples and tools

Multi-signature wallet support on CRTS

We have Migrated the UTU-ETH Trading Pair to Uniswap v3 — UTU

Is it safe to use Zoom and what’s next for Zoom Platform?

Proactive Risk Management Essential to B2B Cyber Security

Staking Phase 2 ( Mar 22 — Apr 21, 2022) recorded the following numbers by Apr 7, 2022:

Two years of Fastmail and how it replaced Gmail

P2E Game Nemesis Downfall Partners with Arcana Network

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mostafa Mamdoh

Mostafa Mamdoh

I’m a Penetration Tester, Bug Hunter @ HackerOne

More from Medium

Zain CTF 2022 Writeups — squirrel Challenge

Baby Step toward Android App Penetration Testing

UTCTF 2021 — RF is Spooky

Jumping in Headfirst